################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2023-06-03 23:49:39 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.195.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651622/; classtype:trojan-activity;sid:83514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.85.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651621/; classtype:trojan-activity;sid:83514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.199.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651620/; classtype:trojan-activity;sid:83514720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651619/; classtype:trojan-activity;sid:83514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.2.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651618/; classtype:trojan-activity;sid:83514718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.85.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651617/; classtype:trojan-activity;sid:83514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.11.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651616/; classtype:trojan-activity;sid:83514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.204.164.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651615/; classtype:trojan-activity;sid:83514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.49.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651614/; classtype:trojan-activity;sid:83514714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651613/; classtype:trojan-activity;sid:83514713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651612/; classtype:trojan-activity;sid:83514712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.92.37.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651610/; classtype:trojan-activity;sid:83514710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.36.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651608/; classtype:trojan-activity;sid:83514708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.97.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651609/; classtype:trojan-activity;sid:83514709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.192.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651607/; classtype:trojan-activity;sid:83514707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.99.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651606/; classtype:trojan-activity;sid:83514706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651605)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.235.215.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651605/; classtype:trojan-activity;sid:83514705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.49.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651603/; classtype:trojan-activity;sid:83514703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.254.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651601/; classtype:trojan-activity;sid:83514701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.254.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651600/; classtype:trojan-activity;sid:83514700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651599/; classtype:trojan-activity;sid:83514699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.232.195.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651598/; classtype:trojan-activity;sid:83514698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.180.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651597/; classtype:trojan-activity;sid:83514697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.97.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651594/; classtype:trojan-activity;sid:83514694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.160.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651593/; classtype:trojan-activity;sid:83514693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.183.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651592/; classtype:trojan-activity;sid:83514692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.183.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651589/; classtype:trojan-activity;sid:83514689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.185.15.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651588/; classtype:trojan-activity;sid:83514688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.226.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651587/; classtype:trojan-activity;sid:83514687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651585/; classtype:trojan-activity;sid:83514685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.236.35.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651586/; classtype:trojan-activity;sid:83514686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.67.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651583/; classtype:trojan-activity;sid:83514683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.234.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651582/; classtype:trojan-activity;sid:83514682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.43.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651581/; classtype:trojan-activity;sid:83514681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.87.214.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651579/; classtype:trojan-activity;sid:83514679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.89.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651578/; classtype:trojan-activity;sid:83514678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.192.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651577/; classtype:trojan-activity;sid:83514677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.154.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651574/; classtype:trojan-activity;sid:83514674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.245.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651573/; classtype:trojan-activity;sid:83514673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.235.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651571/; classtype:trojan-activity;sid:83514671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.104.218.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651570/; classtype:trojan-activity;sid:83514670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651569/; classtype:trojan-activity;sid:83514669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.83.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651567/; classtype:trojan-activity;sid:83514667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.8.202"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651564/; classtype:trojan-activity;sid:83514664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.119.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651563/; classtype:trojan-activity;sid:83514663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.44.7.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651562/; classtype:trojan-activity;sid:83514662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.180.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651561/; classtype:trojan-activity;sid:83514661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651560/; classtype:trojan-activity;sid:83514660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.28.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651559/; classtype:trojan-activity;sid:83514659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651558)"; flow:established,from_client; content:"GET"; http_method; content:"/dsc01491/foto124.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"77.91.124.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651558/; classtype:trojan-activity;sid:83514658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.141.159.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651557/; classtype:trojan-activity;sid:83514657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.9.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651556/; classtype:trojan-activity;sid:83514656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651555/; classtype:trojan-activity;sid:83514655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.60.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651553/; classtype:trojan-activity;sid:83514653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651551)"; flow:established,from_client; content:"GET"; http_method; content:"/download/7e8e3c8b54a3dd86e1b6afb3300169b0f41449d860921fef25d1038c26215f3f6f88efa1616203fc5b51"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"api.filedoge.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651551/; classtype:trojan-activity;sid:83514651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651548)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.95.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651548/; classtype:trojan-activity;sid:83514648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651549)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.95.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651549/; classtype:trojan-activity;sid:83514649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651550)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.42.95.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651550/; classtype:trojan-activity;sid:83514650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651547)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.42.95.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651547/; classtype:trojan-activity;sid:83514647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.38.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651546/; classtype:trojan-activity;sid:83514646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.36.151.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651545/; classtype:trojan-activity;sid:83514645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651544)"; flow:established,from_client; content:"GET"; http_method; content:"/1/a2592d.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"179.43.162.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651544/; classtype:trojan-activity;sid:83514644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.234.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651542/; classtype:trojan-activity;sid:83514642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.173.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651543/; classtype:trojan-activity;sid:83514643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651540)"; flow:established,from_client; content:"GET"; http_method; content:"/dsc01491/fotod25.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"77.91.124.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651540/; classtype:trojan-activity;sid:83514640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.166.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651538/; classtype:trojan-activity;sid:83514638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651533/; classtype:trojan-activity;sid:83514633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.177.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651531/; classtype:trojan-activity;sid:83514631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651530/; classtype:trojan-activity;sid:83514630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651529)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.239.221.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651529/; classtype:trojan-activity;sid:83514629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651528/; classtype:trojan-activity;sid:83514628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.103.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651527/; classtype:trojan-activity;sid:83514627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651524/; classtype:trojan-activity;sid:83514624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651523/; classtype:trojan-activity;sid:83514623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.120.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651519/; classtype:trojan-activity;sid:83514619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.158.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651518/; classtype:trojan-activity;sid:83514618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.18.211.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651515/; classtype:trojan-activity;sid:83514615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.226.249.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651514/; classtype:trojan-activity;sid:83514614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.182.191.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651512/; classtype:trojan-activity;sid:83514612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.195.56.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651511/; classtype:trojan-activity;sid:83514611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.18.211.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651507/; classtype:trojan-activity;sid:83514607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651506/; classtype:trojan-activity;sid:83514606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.0.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651502/; classtype:trojan-activity;sid:83514602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.123.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651499/; classtype:trojan-activity;sid:83514599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.113.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651497/; classtype:trojan-activity;sid:83514597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651490)"; flow:established,from_client; content:"GET"; http_method; content:"//mips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"198.12.97.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651490/; classtype:trojan-activity;sid:83514590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651491)"; flow:established,from_client; content:"GET"; http_method; content:"//sh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.12.97.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651491/; classtype:trojan-activity;sid:83514591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651493)"; flow:established,from_client; content:"GET"; http_method; content:"//ppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.12.97.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651493/; classtype:trojan-activity;sid:83514593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651487)"; flow:established,from_client; content:"GET"; http_method; content:"//arm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"198.12.97.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651487/; classtype:trojan-activity;sid:83514587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.255.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651483/; classtype:trojan-activity;sid:83514583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.202.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651482/; classtype:trojan-activity;sid:83514582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651479/; classtype:trojan-activity;sid:83514579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651478)"; flow:established,from_client; content:"GET"; http_method; content:"/server/sshkey2"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.245.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651478/; classtype:trojan-activity;sid:83514578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.157.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651475/; classtype:trojan-activity;sid:83514575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.147.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651474/; classtype:trojan-activity;sid:83514574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651471/; classtype:trojan-activity;sid:83514571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651472/; classtype:trojan-activity;sid:83514572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651463/; classtype:trojan-activity;sid:83514563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651464/; classtype:trojan-activity;sid:83514564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651465/; classtype:trojan-activity;sid:83514565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651466/; classtype:trojan-activity;sid:83514566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651467/; classtype:trojan-activity;sid:83514567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651468/; classtype:trojan-activity;sid:83514568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651469/; classtype:trojan-activity;sid:83514569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/100up.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"198.98.53.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651470/; classtype:trojan-activity;sid:83514570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.49.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651456/; classtype:trojan-activity;sid:83514556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.241.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651457/; classtype:trojan-activity;sid:83514557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.255.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651454/; classtype:trojan-activity;sid:83514554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651455/; classtype:trojan-activity;sid:83514555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.159.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651452/; classtype:trojan-activity;sid:83514552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.54.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651451/; classtype:trojan-activity;sid:83514551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651450/; classtype:trojan-activity;sid:83514550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.44.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651449/; classtype:trojan-activity;sid:83514549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.251.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651448/; classtype:trojan-activity;sid:83514548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.129.230.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651446/; classtype:trojan-activity;sid:83514546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651445/; classtype:trojan-activity;sid:83514545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.138.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651441/; classtype:trojan-activity;sid:83514541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.230.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651440/; classtype:trojan-activity;sid:83514540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.12.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651437/; classtype:trojan-activity;sid:83514537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.158.97.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651434/; classtype:trojan-activity;sid:83514534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.145.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651424/; classtype:trojan-activity;sid:83514524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.253.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651422/; classtype:trojan-activity;sid:83514522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.92.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651423/; classtype:trojan-activity;sid:83514523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651419/; classtype:trojan-activity;sid:83514519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651416)"; flow:established,from_client; content:"GET"; http_method; content:"/dimitrikon/enigm4software/raw/main/sceatt.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651416/; classtype:trojan-activity;sid:83514516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651415/; classtype:trojan-activity;sid:83514515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.139.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651411/; classtype:trojan-activity;sid:83514511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.253.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651409/; classtype:trojan-activity;sid:83514509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.31.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651408/; classtype:trojan-activity;sid:83514508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651398/; classtype:trojan-activity;sid:83514498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.189.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651395/; classtype:trojan-activity;sid:83514495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.249.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651389/; classtype:trojan-activity;sid:83514489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.222.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651381/; classtype:trojan-activity;sid:83514481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651378/; classtype:trojan-activity;sid:83514478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.242.167.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651365/; classtype:trojan-activity;sid:83514465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651360/; classtype:trojan-activity;sid:83514460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.142.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651359/; classtype:trojan-activity;sid:83514459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651356/; classtype:trojan-activity;sid:83514456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.9.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651352/; classtype:trojan-activity;sid:83514452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.149.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651351/; classtype:trojan-activity;sid:83514451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.11.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651350/; classtype:trojan-activity;sid:83514450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.177.230.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651349/; classtype:trojan-activity;sid:83514449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.165.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651344/; classtype:trojan-activity;sid:83514444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.193.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651343/; classtype:trojan-activity;sid:83514443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.210.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651341/; classtype:trojan-activity;sid:83514441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.12.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651339/; classtype:trojan-activity;sid:83514439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.197.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651333/; classtype:trojan-activity;sid:83514433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.196.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651331/; classtype:trojan-activity;sid:83514431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.50.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651329/; classtype:trojan-activity;sid:83514429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.205.231.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651327/; classtype:trojan-activity;sid:83514427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.170.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651325/; classtype:trojan-activity;sid:83514425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651324/; classtype:trojan-activity;sid:83514424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.188.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651321/; classtype:trojan-activity;sid:83514421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.200.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651314/; classtype:trojan-activity;sid:83514414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.208.117.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651313/; classtype:trojan-activity;sid:83514413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.53.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651310/; classtype:trojan-activity;sid:83514410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.147.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651309/; classtype:trojan-activity;sid:83514409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.99.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651307/; classtype:trojan-activity;sid:83514407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.182.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651303/; classtype:trojan-activity;sid:83514403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.176.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651302/; classtype:trojan-activity;sid:83514402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651298/; classtype:trojan-activity;sid:83514398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.199.128.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651297/; classtype:trojan-activity;sid:83514397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.64.33.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651291/; classtype:trojan-activity;sid:83514391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.137.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651290/; classtype:trojan-activity;sid:83514390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.211.200.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651287/; classtype:trojan-activity;sid:83514387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.169.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651285/; classtype:trojan-activity;sid:83514385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651282)"; flow:established,from_client; content:"GET"; http_method; content:"/secmorganzx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"194.180.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651282/; classtype:trojan-activity;sid:83514382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.236.35.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651277/; classtype:trojan-activity;sid:83514377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.145.190.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651270/; classtype:trojan-activity;sid:83514370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.58.114.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651265/; classtype:trojan-activity;sid:83514365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.153.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651258/; classtype:trojan-activity;sid:83514358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.174.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651255/; classtype:trojan-activity;sid:83514355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.3.235.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651252/; classtype:trojan-activity;sid:83514352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.141.240.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651248/; classtype:trojan-activity;sid:83514348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651249/; classtype:trojan-activity;sid:83514349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651247/; classtype:trojan-activity;sid:83514347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.236.35.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651244/; classtype:trojan-activity;sid:83514344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.27.242.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651243/; classtype:trojan-activity;sid:83514343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651238/; classtype:trojan-activity;sid:83514338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651237/; classtype:trojan-activity;sid:83514337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.166.201.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651235/; classtype:trojan-activity;sid:83514335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.224.48.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651229/; classtype:trojan-activity;sid:83514329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.54.253.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651230/; classtype:trojan-activity;sid:83514330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651222)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651222/; classtype:trojan-activity;sid:83514322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651223)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651223/; classtype:trojan-activity;sid:83514323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651214)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651214/; classtype:trojan-activity;sid:83514314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651215)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651215/; classtype:trojan-activity;sid:83514315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651216)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651216/; classtype:trojan-activity;sid:83514316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651217)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651217/; classtype:trojan-activity;sid:83514317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651218)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651218/; classtype:trojan-activity;sid:83514318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651219/; classtype:trojan-activity;sid:83514319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651220)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651220/; classtype:trojan-activity;sid:83514320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651221)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651221/; classtype:trojan-activity;sid:83514321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.117.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651213/; classtype:trojan-activity;sid:83514313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.196.26.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651211/; classtype:trojan-activity;sid:83514311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.213.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651193/; classtype:trojan-activity;sid:83514293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.93.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651191/; classtype:trojan-activity;sid:83514291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651188)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651188/; classtype:trojan-activity;sid:83514288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651189)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651189/; classtype:trojan-activity;sid:83514289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.236.35.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651187/; classtype:trojan-activity;sid:83514287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651184)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651184/; classtype:trojan-activity;sid:83514284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651185)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651185/; classtype:trojan-activity;sid:83514285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651186)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651186/; classtype:trojan-activity;sid:83514286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651182)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651182/; classtype:trojan-activity;sid:83514282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651183)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651183/; classtype:trojan-activity;sid:83514283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651178)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651178/; classtype:trojan-activity;sid:83514278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651179)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651179/; classtype:trojan-activity;sid:83514279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651180)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651180/; classtype:trojan-activity;sid:83514280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651181)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.82.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651181/; classtype:trojan-activity;sid:83514281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.253.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651170/; classtype:trojan-activity;sid:83514270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.129.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651157/; classtype:trojan-activity;sid:83514257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.103.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651154/; classtype:trojan-activity;sid:83514254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.89.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651140/; classtype:trojan-activity;sid:83514240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.18.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651141/; classtype:trojan-activity;sid:83514241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651130)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651130/; classtype:trojan-activity;sid:83514230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651131)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651131/; classtype:trojan-activity;sid:83514231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651132)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651132/; classtype:trojan-activity;sid:83514232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651133)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651133/; classtype:trojan-activity;sid:83514233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651134)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651134/; classtype:trojan-activity;sid:83514234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651127)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651127/; classtype:trojan-activity;sid:83514227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651128)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651128/; classtype:trojan-activity;sid:83514228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651129)"; flow:established,from_client; content:"GET"; http_method; content:"/networkrip.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.230.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651129/; classtype:trojan-activity;sid:83514229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651123/; classtype:trojan-activity;sid:83514223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.68.230.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651119/; classtype:trojan-activity;sid:83514219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.122.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651116/; classtype:trojan-activity;sid:83514216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.210.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651101/; classtype:trojan-activity;sid:83514201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651092/; classtype:trojan-activity;sid:83514192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.223.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651088/; classtype:trojan-activity;sid:83514188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.77.237.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651068/; classtype:trojan-activity;sid:83514168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651063/; classtype:trojan-activity;sid:83514163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.77.237.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651060/; classtype:trojan-activity;sid:83514160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.173.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651059/; classtype:trojan-activity;sid:83514159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.73.133.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651054/; classtype:trojan-activity;sid:83514154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.213.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651053/; classtype:trojan-activity;sid:83514153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.89.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651051/; classtype:trojan-activity;sid:83514151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651050/; classtype:trojan-activity;sid:83514150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.251.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651049/; classtype:trojan-activity;sid:83514149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651036)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651036/; classtype:trojan-activity;sid:83514136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651037)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651037/; classtype:trojan-activity;sid:83514137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651038)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651038/; classtype:trojan-activity;sid:83514138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651039)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651039/; classtype:trojan-activity;sid:83514139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651040)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651040/; classtype:trojan-activity;sid:83514140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651041)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651041/; classtype:trojan-activity;sid:83514141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651042/; classtype:trojan-activity;sid:83514142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651043)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651043/; classtype:trojan-activity;sid:83514143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651044)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651044/; classtype:trojan-activity;sid:83514144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651045)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651045/; classtype:trojan-activity;sid:83514145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651046)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651046/; classtype:trojan-activity;sid:83514146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651047)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.42.32.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651047/; classtype:trojan-activity;sid:83514147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651034)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.173.77.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651034/; classtype:trojan-activity;sid:83514134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651016)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651016/; classtype:trojan-activity;sid:83514116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651017)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651017/; classtype:trojan-activity;sid:83514117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651018)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651018/; classtype:trojan-activity;sid:83514118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651012)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651012/; classtype:trojan-activity;sid:83514112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651014)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651014/; classtype:trojan-activity;sid:83514114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651015)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651015/; classtype:trojan-activity;sid:83514115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651006)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651006/; classtype:trojan-activity;sid:83514106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651007)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651007/; classtype:trojan-activity;sid:83514107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651008)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651008/; classtype:trojan-activity;sid:83514108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651009)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651009/; classtype:trojan-activity;sid:83514109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651004)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651004/; classtype:trojan-activity;sid:83514104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651005)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651005/; classtype:trojan-activity;sid:83514105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651003)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.180.48.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651003/; classtype:trojan-activity;sid:83514103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.223.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651002/; classtype:trojan-activity;sid:83514102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650997/; classtype:trojan-activity;sid:83514097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650998/; classtype:trojan-activity;sid:83514098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650999/; classtype:trojan-activity;sid:83514099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651000/; classtype:trojan-activity;sid:83514100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2651001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2651001/; classtype:trojan-activity;sid:83514101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650991/; classtype:trojan-activity;sid:83514091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650992/; classtype:trojan-activity;sid:83514092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650993/; classtype:trojan-activity;sid:83514093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650994/; classtype:trojan-activity;sid:83514094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650995/; classtype:trojan-activity;sid:83514095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.6.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650996/; classtype:trojan-activity;sid:83514096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.241.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650988/; classtype:trojan-activity;sid:83514088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.36.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650986/; classtype:trojan-activity;sid:83514086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650980)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650980/; classtype:trojan-activity;sid:83514080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650981)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650981/; classtype:trojan-activity;sid:83514081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650982)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650982/; classtype:trojan-activity;sid:83514082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650983)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650983/; classtype:trojan-activity;sid:83514083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650984)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650984/; classtype:trojan-activity;sid:83514084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650975)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650975/; classtype:trojan-activity;sid:83514075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650976)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650976/; classtype:trojan-activity;sid:83514076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650977)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650977/; classtype:trojan-activity;sid:83514077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650978)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.225.74.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650978/; classtype:trojan-activity;sid:83514078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650971/; classtype:trojan-activity;sid:83514071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650963/; classtype:trojan-activity;sid:83514063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650949)"; flow:established,from_client; content:"GET"; http_method; content:"/eee23xe.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.178.120.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650949/; classtype:trojan-activity;sid:83514049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.140.167.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650945/; classtype:trojan-activity;sid:83514045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.130.251.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650932/; classtype:trojan-activity;sid:83514032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650931)"; flow:established,from_client; content:"GET"; http_method; content:"/download/adobe.after.effects_pass1234.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"stablewin32.app"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650931/; classtype:trojan-activity;sid:83514031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650928)"; flow:established,from_client; content:"GET"; http_method; content:"/download/adobe.animate.2022_pass1234.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"stablewin32.app"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650928/; classtype:trojan-activity;sid:83514028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650927)"; flow:established,from_client; content:"GET"; http_method; content:"/download/file_pass1234.7z"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"usml.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650927/; classtype:trojan-activity;sid:83514027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650924)"; flow:established,from_client; content:"GET"; http_method; content:"/download/el3ctron.rar"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"el3ctrn.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650924/; classtype:trojan-activity;sid:83514024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.65.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650921/; classtype:trojan-activity;sid:83514021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.120.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650920/; classtype:trojan-activity;sid:83514020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.250.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650916/; classtype:trojan-activity;sid:83514016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.222.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650906/; classtype:trojan-activity;sid:83514006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.250.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650902/; classtype:trojan-activity;sid:83514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.213.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650898/; classtype:trojan-activity;sid:83513998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.12.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650896/; classtype:trojan-activity;sid:83513996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.238.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650895/; classtype:trojan-activity;sid:83513995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.4.125.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650893/; classtype:trojan-activity;sid:83513993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.55.205.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650880/; classtype:trojan-activity;sid:83513980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.243.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650879/; classtype:trojan-activity;sid:83513979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.122.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650866/; classtype:trojan-activity;sid:83513966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.46.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650861/; classtype:trojan-activity;sid:83513961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.152.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650860/; classtype:trojan-activity;sid:83513960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.104.45.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650848/; classtype:trojan-activity;sid:83513948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650843)"; flow:established,from_client; content:"GET"; http_method; content:"/257/hkcmd.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650843/; classtype:trojan-activity;sid:83513943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650842)"; flow:established,from_client; content:"GET"; http_method; content:"/iou/iuiiiuiuiuiuiuiuiui%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23uiuiuiiiiuiu.doc"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"45.66.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650842/; classtype:trojan-activity;sid:83513942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650841/; classtype:trojan-activity;sid:83513941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650837/; classtype:trojan-activity;sid:83513937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.130.251.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650835/; classtype:trojan-activity;sid:83513935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.130.251.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650819/; classtype:trojan-activity;sid:83513919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650809/; classtype:trojan-activity;sid:83513909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.182.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650810/; classtype:trojan-activity;sid:83513910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.76.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650805/; classtype:trojan-activity;sid:83513905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.180.106.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650800/; classtype:trojan-activity;sid:83513900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650794)"; flow:established,from_client; content:"GET"; http_method; content:"/amips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"163.197.255.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650794/; classtype:trojan-activity;sid:83513894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650793)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"163.197.255.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650793/; classtype:trojan-activity;sid:83513893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.159.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650792/; classtype:trojan-activity;sid:83513892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.172.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650789/; classtype:trojan-activity;sid:83513889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.214.67.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650767/; classtype:trojan-activity;sid:83513867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.123.144.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650765/; classtype:trojan-activity;sid:83513865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.171.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650762/; classtype:trojan-activity;sid:83513862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.120.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650759/; classtype:trojan-activity;sid:83513859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650760/; classtype:trojan-activity;sid:83513860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650756/; classtype:trojan-activity;sid:83513856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.27.118.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650754/; classtype:trojan-activity;sid:83513854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650748/; classtype:trojan-activity;sid:83513848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.88.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650747/; classtype:trojan-activity;sid:83513847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.182.208.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650740/; classtype:trojan-activity;sid:83513840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650739)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.64.78.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650739/; classtype:trojan-activity;sid:83513839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.105.212.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650725/; classtype:trojan-activity;sid:83513825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.203.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650720/; classtype:trojan-activity;sid:83513820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.249.42.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_03; reference:url, urlhaus.abuse.ch/url/2650717/; classtype:trojan-activity;sid:83513817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.166.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650709/; classtype:trojan-activity;sid:83513809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.164.32.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650708/; classtype:trojan-activity;sid:83513808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.117.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650707/; classtype:trojan-activity;sid:83513807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.86.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650706/; classtype:trojan-activity;sid:83513806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.153.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650704/; classtype:trojan-activity;sid:83513804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.229.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650705/; classtype:trojan-activity;sid:83513805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.153.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650703/; classtype:trojan-activity;sid:83513803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.160.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650702/; classtype:trojan-activity;sid:83513802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.42.187.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650701/; classtype:trojan-activity;sid:83513801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.161.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650700/; classtype:trojan-activity;sid:83513800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.202.106.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650699/; classtype:trojan-activity;sid:83513799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.110.67.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650697/; classtype:trojan-activity;sid:83513797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650698/; classtype:trojan-activity;sid:83513798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.237.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650696/; classtype:trojan-activity;sid:83513796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.111.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650695/; classtype:trojan-activity;sid:83513795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.168.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650694/; classtype:trojan-activity;sid:83513794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.222.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650693/; classtype:trojan-activity;sid:83513793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.128.158.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650692/; classtype:trojan-activity;sid:83513792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.155.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650691/; classtype:trojan-activity;sid:83513791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.94.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650690/; classtype:trojan-activity;sid:83513790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.163.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650688/; classtype:trojan-activity;sid:83513788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650689/; classtype:trojan-activity;sid:83513789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.242.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650687/; classtype:trojan-activity;sid:83513787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.252.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650686/; classtype:trojan-activity;sid:83513786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.27.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650685/; classtype:trojan-activity;sid:83513785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.174.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650684/; classtype:trojan-activity;sid:83513784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.110.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650683/; classtype:trojan-activity;sid:83513783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.79.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650682/; classtype:trojan-activity;sid:83513782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.153.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650681/; classtype:trojan-activity;sid:83513781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.159.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650680/; classtype:trojan-activity;sid:83513780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.45.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650679/; classtype:trojan-activity;sid:83513779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.218.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650678/; classtype:trojan-activity;sid:83513778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.235.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650677/; classtype:trojan-activity;sid:83513777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.152.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650676/; classtype:trojan-activity;sid:83513776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650675)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.230.199.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650675/; classtype:trojan-activity;sid:83513775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.13.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650674/; classtype:trojan-activity;sid:83513774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.232.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650673/; classtype:trojan-activity;sid:83513773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650672/; classtype:trojan-activity;sid:83513772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.234.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650671/; classtype:trojan-activity;sid:83513771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.156.83.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650670/; classtype:trojan-activity;sid:83513770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650669/; classtype:trojan-activity;sid:83513769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.104.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650668/; classtype:trojan-activity;sid:83513768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.163.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650667/; classtype:trojan-activity;sid:83513767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650666)"; flow:established,from_client; content:"GET"; http_method; content:"/files/setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.228.169.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650666/; classtype:trojan-activity;sid:83513766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.230.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650665/; classtype:trojan-activity;sid:83513765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.110.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650664/; classtype:trojan-activity;sid:83513764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.98.69.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650663/; classtype:trojan-activity;sid:83513763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.22.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650662/; classtype:trojan-activity;sid:83513762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.153.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650661/; classtype:trojan-activity;sid:83513761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650660)"; flow:established,from_client; content:"GET"; http_method; content:"/files/a2592dx.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.228.169.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650660/; classtype:trojan-activity;sid:83513760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.169.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650659/; classtype:trojan-activity;sid:83513759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.247.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650658/; classtype:trojan-activity;sid:83513758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.166.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650657/; classtype:trojan-activity;sid:83513757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.219.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650656/; classtype:trojan-activity;sid:83513756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.153.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650655/; classtype:trojan-activity;sid:83513755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650654/; classtype:trojan-activity;sid:83513754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.187.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650653/; classtype:trojan-activity;sid:83513753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.167.165.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650652/; classtype:trojan-activity;sid:83513752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.64.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650651/; classtype:trojan-activity;sid:83513751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.180.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650649/; classtype:trojan-activity;sid:83513749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650650/; classtype:trojan-activity;sid:83513750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650648/; classtype:trojan-activity;sid:83513748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.245.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650647/; classtype:trojan-activity;sid:83513747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.45.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650645/; classtype:trojan-activity;sid:83513745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.163.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650646/; classtype:trojan-activity;sid:83513746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650644/; classtype:trojan-activity;sid:83513744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.159.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650643/; classtype:trojan-activity;sid:83513743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.91.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650642/; classtype:trojan-activity;sid:83513742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.151.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650641/; classtype:trojan-activity;sid:83513741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.250.132.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650640/; classtype:trojan-activity;sid:83513740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650639/; classtype:trojan-activity;sid:83513739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650638)"; flow:established,from_client; content:"GET"; http_method; content:"/.router/twitter"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.128.232.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650638/; classtype:trojan-activity;sid:83513738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.237.13.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650637/; classtype:trojan-activity;sid:83513737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.135.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650636/; classtype:trojan-activity;sid:83513736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650635/; classtype:trojan-activity;sid:83513735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.179.150.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650634/; classtype:trojan-activity;sid:83513734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.181"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650633/; classtype:trojan-activity;sid:83513733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.239.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650631/; classtype:trojan-activity;sid:83513731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.143.170.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650632/; classtype:trojan-activity;sid:83513732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.92.66.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650630/; classtype:trojan-activity;sid:83513730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.247.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650629/; classtype:trojan-activity;sid:83513729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.1.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650628/; classtype:trojan-activity;sid:83513728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.11.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650627/; classtype:trojan-activity;sid:83513727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.255.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650626/; classtype:trojan-activity;sid:83513726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.188.132.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650625/; classtype:trojan-activity;sid:83513725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.130.29.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650624/; classtype:trojan-activity;sid:83513724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.110.87.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650623/; classtype:trojan-activity;sid:83513723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.7.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650622/; classtype:trojan-activity;sid:83513722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.110.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650621/; classtype:trojan-activity;sid:83513721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.75.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650620/; classtype:trojan-activity;sid:83513720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.216.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650619/; classtype:trojan-activity;sid:83513719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.191.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650618/; classtype:trojan-activity;sid:83513718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.134.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650617/; classtype:trojan-activity;sid:83513717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.79.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650616/; classtype:trojan-activity;sid:83513716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650615/; classtype:trojan-activity;sid:83513715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.16.135.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650614/; classtype:trojan-activity;sid:83513714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.173.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650612/; classtype:trojan-activity;sid:83513712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650613/; classtype:trojan-activity;sid:83513713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.170.124.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650611/; classtype:trojan-activity;sid:83513711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.181.225.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650610/; classtype:trojan-activity;sid:83513710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.30.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650609/; classtype:trojan-activity;sid:83513709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.136.35.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650608/; classtype:trojan-activity;sid:83513708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.233.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650607/; classtype:trojan-activity;sid:83513707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650606/; classtype:trojan-activity;sid:83513706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.2.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650605/; classtype:trojan-activity;sid:83513705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.167.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650604/; classtype:trojan-activity;sid:83513704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.127.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650603/; classtype:trojan-activity;sid:83513703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.163.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650602/; classtype:trojan-activity;sid:83513702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.253.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650601/; classtype:trojan-activity;sid:83513701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.151.125.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650600/; classtype:trojan-activity;sid:83513700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.117.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650599/; classtype:trojan-activity;sid:83513699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.2.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650598/; classtype:trojan-activity;sid:83513698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.253.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650597/; classtype:trojan-activity;sid:83513697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.168"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650596/; classtype:trojan-activity;sid:83513696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.86.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650595/; classtype:trojan-activity;sid:83513695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.135.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650594/; classtype:trojan-activity;sid:83513694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.177.216.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650593/; classtype:trojan-activity;sid:83513693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650592/; classtype:trojan-activity;sid:83513692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.243.160.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650591/; classtype:trojan-activity;sid:83513691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650590/; classtype:trojan-activity;sid:83513690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.214.166.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650589/; classtype:trojan-activity;sid:83513689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650588/; classtype:trojan-activity;sid:83513688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650587/; classtype:trojan-activity;sid:83513687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.89.84.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650586/; classtype:trojan-activity;sid:83513686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.117.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650585/; classtype:trojan-activity;sid:83513685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.112.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650584/; classtype:trojan-activity;sid:83513684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.165.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650583/; classtype:trojan-activity;sid:83513683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.44.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650582/; classtype:trojan-activity;sid:83513682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.99.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650581/; classtype:trojan-activity;sid:83513681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.233.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650580/; classtype:trojan-activity;sid:83513680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.216.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650579/; classtype:trojan-activity;sid:83513679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650578)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64|3f|ddos"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.210.162.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650578/; classtype:trojan-activity;sid:83513678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/u"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.217.144.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650577/; classtype:trojan-activity;sid:83513677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.85.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650576/; classtype:trojan-activity;sid:83513676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650575/; classtype:trojan-activity;sid:83513675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.117.199.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650574/; classtype:trojan-activity;sid:83513674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.70.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650573/; classtype:trojan-activity;sid:83513673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.211.224.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650572/; classtype:trojan-activity;sid:83513672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.117.199.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650571/; classtype:trojan-activity;sid:83513671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.70.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650570/; classtype:trojan-activity;sid:83513670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.190.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650569/; classtype:trojan-activity;sid:83513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.18.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650568/; classtype:trojan-activity;sid:83513668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.223.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650567/; classtype:trojan-activity;sid:83513667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650566/; classtype:trojan-activity;sid:83513666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.19.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650565/; classtype:trojan-activity;sid:83513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.138.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650564/; classtype:trojan-activity;sid:83513664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.211.224.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650563/; classtype:trojan-activity;sid:83513663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.92.24.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650562/; classtype:trojan-activity;sid:83513662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.19.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650561/; classtype:trojan-activity;sid:83513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.189.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650560/; classtype:trojan-activity;sid:83513660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.9.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650559/; classtype:trojan-activity;sid:83513659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.34.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650558/; classtype:trojan-activity;sid:83513658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650557/; classtype:trojan-activity;sid:83513657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.3.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650556/; classtype:trojan-activity;sid:83513656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650554/; classtype:trojan-activity;sid:83513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650555/; classtype:trojan-activity;sid:83513655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.29.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650553/; classtype:trojan-activity;sid:83513653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.60.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650552/; classtype:trojan-activity;sid:83513652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.131.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650551/; classtype:trojan-activity;sid:83513651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.13.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650549/; classtype:trojan-activity;sid:83513649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.231.216.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650550/; classtype:trojan-activity;sid:83513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650548/; classtype:trojan-activity;sid:83513648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.131.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650547/; classtype:trojan-activity;sid:83513647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.66.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650546/; classtype:trojan-activity;sid:83513646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.171.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650545/; classtype:trojan-activity;sid:83513645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.237.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650541/; classtype:trojan-activity;sid:83513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.234.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650542/; classtype:trojan-activity;sid:83513642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650543/; classtype:trojan-activity;sid:83513643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650544/; classtype:trojan-activity;sid:83513644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.229.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650540/; classtype:trojan-activity;sid:83513640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.173.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650539/; classtype:trojan-activity;sid:83513639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.24.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650538/; classtype:trojan-activity;sid:83513638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.160.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650536/; classtype:trojan-activity;sid:83513636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.24.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650537/; classtype:trojan-activity;sid:83513637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.104.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650535/; classtype:trojan-activity;sid:83513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.51.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650534/; classtype:trojan-activity;sid:83513634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.147.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650533/; classtype:trojan-activity;sid:83513633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.147.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650532/; classtype:trojan-activity;sid:83513632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.37.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650529/; classtype:trojan-activity;sid:83513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.57.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650530/; classtype:trojan-activity;sid:83513630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.226.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650531/; classtype:trojan-activity;sid:83513631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.12.5.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650528/; classtype:trojan-activity;sid:83513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.101.96.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650527/; classtype:trojan-activity;sid:83513627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650526)"; flow:established,from_client; content:"GET"; http_method; content:"/uqia/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"baaranj.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650526/; classtype:trojan-activity;sid:83513626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650525)"; flow:established,from_client; content:"GET"; http_method; content:"/teet/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"expaceos.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650525/; classtype:trojan-activity;sid:83513625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650518)"; flow:established,from_client; content:"GET"; http_method; content:"/agtf/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ab-sol.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650518/; classtype:trojan-activity;sid:83513618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650519)"; flow:established,from_client; content:"GET"; http_method; content:"/ned/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"riyatrucking.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650519/; classtype:trojan-activity;sid:83513619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tuoi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"xtremedevelopers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650520/; classtype:trojan-activity;sid:83513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650521)"; flow:established,from_client; content:"GET"; http_method; content:"/itai/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"noormakina.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650521/; classtype:trojan-activity;sid:83513621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650522)"; flow:established,from_client; content:"GET"; http_method; content:"/tro/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"treeweb.it"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650522/; classtype:trojan-activity;sid:83513622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650523)"; flow:established,from_client; content:"GET"; http_method; content:"/se/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pipclass.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650523/; classtype:trojan-activity;sid:83513623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650524)"; flow:established,from_client; content:"GET"; http_method; content:"/timn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nladfk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650524/; classtype:trojan-activity;sid:83513624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.87.145.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650517/; classtype:trojan-activity;sid:83513617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.160.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650515/; classtype:trojan-activity;sid:83513615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.178.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650516/; classtype:trojan-activity;sid:83513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.83.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650514/; classtype:trojan-activity;sid:83513614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.93.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650513/; classtype:trojan-activity;sid:83513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.14.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650512/; classtype:trojan-activity;sid:83513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.160.92.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650511/; classtype:trojan-activity;sid:83513611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.13.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650510/; classtype:trojan-activity;sid:83513610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650509/; classtype:trojan-activity;sid:83513609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.222.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650508/; classtype:trojan-activity;sid:83513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.152.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650507/; classtype:trojan-activity;sid:83513607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.85.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650506/; classtype:trojan-activity;sid:83513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650505/; classtype:trojan-activity;sid:83513605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650504/; classtype:trojan-activity;sid:83513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650502/; classtype:trojan-activity;sid:83513602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.39.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650503/; classtype:trojan-activity;sid:83513603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.190.139.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650501/; classtype:trojan-activity;sid:83513601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.205.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650500/; classtype:trojan-activity;sid:83513600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.174.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650499/; classtype:trojan-activity;sid:83513599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.94.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650498/; classtype:trojan-activity;sid:83513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.35.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650497/; classtype:trojan-activity;sid:83513597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650496/; classtype:trojan-activity;sid:83513596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.244.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650495/; classtype:trojan-activity;sid:83513595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.111.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650494/; classtype:trojan-activity;sid:83513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.243.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650493/; classtype:trojan-activity;sid:83513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650492/; classtype:trojan-activity;sid:83513592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.48.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650491/; classtype:trojan-activity;sid:83513591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650490)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.225.171.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650490/; classtype:trojan-activity;sid:83513590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.0.61.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650489/; classtype:trojan-activity;sid:83513589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.238.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650488/; classtype:trojan-activity;sid:83513588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.50.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650487/; classtype:trojan-activity;sid:83513587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.113.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650486/; classtype:trojan-activity;sid:83513586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650485)"; flow:established,from_client; content:"GET"; http_method; content:"/ztpjgl/c068"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.121.23.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650485/; classtype:trojan-activity;sid:83513585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650483)"; flow:established,from_client; content:"GET"; http_method; content:"/pagz9az/c068"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.236.28.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650483/; classtype:trojan-activity;sid:83513583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650484)"; flow:established,from_client; content:"GET"; http_method; content:"/wlcvm/c068"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.236.15.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650484/; classtype:trojan-activity;sid:83513584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.165.71.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650482/; classtype:trojan-activity;sid:83513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.77.237.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650481/; classtype:trojan-activity;sid:83513581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.14.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650480/; classtype:trojan-activity;sid:83513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650479/; classtype:trojan-activity;sid:83513579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.243.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650478/; classtype:trojan-activity;sid:83513578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.83.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650477/; classtype:trojan-activity;sid:83513577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650476)"; flow:established,from_client; content:"GET"; http_method; content:"/d/dollar.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650476/; classtype:trojan-activity;sid:83513576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.234.174.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650475/; classtype:trojan-activity;sid:83513575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.190.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650474/; classtype:trojan-activity;sid:83513574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.236.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650473/; classtype:trojan-activity;sid:83513573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650472)"; flow:established,from_client; content:"GET"; http_method; content:"/d/h2.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650472/; classtype:trojan-activity;sid:83513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.113.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650471/; classtype:trojan-activity;sid:83513571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.236.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650470/; classtype:trojan-activity;sid:83513570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650469/; classtype:trojan-activity;sid:83513569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.50.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650468/; classtype:trojan-activity;sid:83513568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.149.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650467/; classtype:trojan-activity;sid:83513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.53.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650466/; classtype:trojan-activity;sid:83513566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.254.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650465/; classtype:trojan-activity;sid:83513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650464)"; flow:established,from_client; content:"GET"; http_method; content:"/ic/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"abhyasana.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650464/; classtype:trojan-activity;sid:83513564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650463)"; flow:established,from_client; content:"GET"; http_method; content:"/aaia/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"iohp.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650463/; classtype:trojan-activity;sid:83513563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650462)"; flow:established,from_client; content:"GET"; http_method; content:"/ps/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ortopediawong.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650462/; classtype:trojan-activity;sid:83513562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650460)"; flow:established,from_client; content:"GET"; http_method; content:"/idrl/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"edubrovnik.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650460/; classtype:trojan-activity;sid:83513560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650461)"; flow:established,from_client; content:"GET"; http_method; content:"/nii/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bricsafricaconsulting.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650461/; classtype:trojan-activity;sid:83513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650459)"; flow:established,from_client; content:"GET"; http_method; content:"/unac/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ihubtalent.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650459/; classtype:trojan-activity;sid:83513559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650457)"; flow:established,from_client; content:"GET"; http_method; content:"/uums/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"quraniqraacademy.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650457/; classtype:trojan-activity;sid:83513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650458)"; flow:established,from_client; content:"GET"; http_method; content:"/rem/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apkvisions.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650458/; classtype:trojan-activity;sid:83513558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650452)"; flow:established,from_client; content:"GET"; http_method; content:"/leee/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"chiomastech.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650452/; classtype:trojan-activity;sid:83513552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650453)"; flow:established,from_client; content:"GET"; http_method; content:"/rosi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"inventifweb.net.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650453/; classtype:trojan-activity;sid:83513553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650454)"; flow:established,from_client; content:"GET"; http_method; content:"/dsi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bismihomeappliance.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650454/; classtype:trojan-activity;sid:83513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650455)"; flow:established,from_client; content:"GET"; http_method; content:"/lm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"houseofiron.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650455/; classtype:trojan-activity;sid:83513555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650456)"; flow:established,from_client; content:"GET"; http_method; content:"/pi/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sudaksha.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650456/; classtype:trojan-activity;sid:83513556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650448)"; flow:established,from_client; content:"GET"; http_method; content:"/qitt/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"centralvalleylaw.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650448/; classtype:trojan-activity;sid:83513548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650449)"; flow:established,from_client; content:"GET"; http_method; content:"/qa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"opencartar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650449/; classtype:trojan-activity;sid:83513549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650450)"; flow:established,from_client; content:"GET"; http_method; content:"/etr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"giveafox.co.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650450/; classtype:trojan-activity;sid:83513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650451)"; flow:established,from_client; content:"GET"; http_method; content:"/rni/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"saharascientific.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650451/; classtype:trojan-activity;sid:83513551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650445)"; flow:established,from_client; content:"GET"; http_method; content:"/mvso/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"alhoja.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650445/; classtype:trojan-activity;sid:83513545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650446)"; flow:established,from_client; content:"GET"; http_method; content:"/tus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"todayjournal.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650446/; classtype:trojan-activity;sid:83513546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650447)"; flow:established,from_client; content:"GET"; http_method; content:"/eus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"noor786110.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650447/; classtype:trojan-activity;sid:83513547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650437)"; flow:established,from_client; content:"GET"; http_method; content:"/aalt/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"portmapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650437/; classtype:trojan-activity;sid:83513537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650438)"; flow:established,from_client; content:"GET"; http_method; content:"/utee/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vainavitechnologies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650438/; classtype:trojan-activity;sid:83513538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650439)"; flow:established,from_client; content:"GET"; http_method; content:"/eni/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nsdvina.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650439/; classtype:trojan-activity;sid:83513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650440)"; flow:established,from_client; content:"GET"; http_method; content:"/ne/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"apexlinkz.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650440/; classtype:trojan-activity;sid:83513540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650441)"; flow:established,from_client; content:"GET"; http_method; content:"/esil/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bagopack.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650441/; classtype:trojan-activity;sid:83513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650442)"; flow:established,from_client; content:"GET"; http_method; content:"/reoo/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ma4salebyowner.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650442/; classtype:trojan-activity;sid:83513542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650443)"; flow:established,from_client; content:"GET"; http_method; content:"/ipt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"frey2.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650443/; classtype:trojan-activity;sid:83513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650444)"; flow:established,from_client; content:"GET"; http_method; content:"/pqso/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jacksonkatz.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650444/; classtype:trojan-activity;sid:83513544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650435)"; flow:established,from_client; content:"GET"; http_method; content:"/san/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"modernurogyn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650435/; classtype:trojan-activity;sid:83513535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650436)"; flow:established,from_client; content:"GET"; http_method; content:"/eerd/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"armieaccessori.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650436/; classtype:trojan-activity;sid:83513536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650430)"; flow:established,from_client; content:"GET"; http_method; content:"/dexu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sehatcom.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650430/; classtype:trojan-activity;sid:83513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650431)"; flow:established,from_client; content:"GET"; http_method; content:"/to/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"civilwarhomestead.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650431/; classtype:trojan-activity;sid:83513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650432)"; flow:established,from_client; content:"GET"; http_method; content:"/sol/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"quranforkids.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650432/; classtype:trojan-activity;sid:83513532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650433)"; flow:established,from_client; content:"GET"; http_method; content:"/etuq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"copadegypt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650433/; classtype:trojan-activity;sid:83513533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650434)"; flow:established,from_client; content:"GET"; http_method; content:"/es/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tudien.org.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650434/; classtype:trojan-activity;sid:83513534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650427)"; flow:established,from_client; content:"GET"; http_method; content:"/em/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wzappstech.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650427/; classtype:trojan-activity;sid:83513527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650428)"; flow:established,from_client; content:"GET"; http_method; content:"/ruua/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sephari.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650428/; classtype:trojan-activity;sid:83513528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650429)"; flow:established,from_client; content:"GET"; http_method; content:"/uta/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gmodesto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650429/; classtype:trojan-activity;sid:83513529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650424)"; flow:established,from_client; content:"GET"; http_method; content:"/inn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"helptimize.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650424/; classtype:trojan-activity;sid:83513524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650425)"; flow:established,from_client; content:"GET"; http_method; content:"/dd/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"orlaterole.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650425/; classtype:trojan-activity;sid:83513525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650426)"; flow:established,from_client; content:"GET"; http_method; content:"/msoa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"digitallnet.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650426/; classtype:trojan-activity;sid:83513526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650422)"; flow:established,from_client; content:"GET"; http_method; content:"/ter/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ispacecorp.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650422/; classtype:trojan-activity;sid:83513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650423)"; flow:established,from_client; content:"GET"; http_method; content:"/quv/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"beautychoose.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650423/; classtype:trojan-activity;sid:83513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650418)"; flow:established,from_client; content:"GET"; http_method; content:"/uot/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ciptarapoto.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650418/; classtype:trojan-activity;sid:83513518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650419)"; flow:established,from_client; content:"GET"; http_method; content:"/ut/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vedrishi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650419/; classtype:trojan-activity;sid:83513519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650420)"; flow:established,from_client; content:"GET"; http_method; content:"/duai/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"osttinc.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650420/; classtype:trojan-activity;sid:83513520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650421)"; flow:established,from_client; content:"GET"; http_method; content:"/oro/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"skyparktravel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650421/; classtype:trojan-activity;sid:83513521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650408)"; flow:established,from_client; content:"GET"; http_method; content:"/ado/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shilhaandara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650408/; classtype:trojan-activity;sid:83513508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650409)"; flow:established,from_client; content:"GET"; http_method; content:"/uaml/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"standoutuk.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650409/; classtype:trojan-activity;sid:83513509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650410)"; flow:established,from_client; content:"GET"; http_method; content:"/ltt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"altaknyia.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650410/; classtype:trojan-activity;sid:83513510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650411)"; flow:established,from_client; content:"GET"; http_method; content:"/lt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"castlecarrent.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650411/; classtype:trojan-activity;sid:83513511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650412)"; flow:established,from_client; content:"GET"; http_method; content:"/ed/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"crystaldba.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650412/; classtype:trojan-activity;sid:83513512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650413)"; flow:established,from_client; content:"GET"; http_method; content:"/iaqu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tomjal.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650413/; classtype:trojan-activity;sid:83513513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650414)"; flow:established,from_client; content:"GET"; http_method; content:"/vme/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"junglekitchen.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650414/; classtype:trojan-activity;sid:83513514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650415)"; flow:established,from_client; content:"GET"; http_method; content:"/anf/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"experienciamercedes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650415/; classtype:trojan-activity;sid:83513515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650416)"; flow:established,from_client; content:"GET"; http_method; content:"/crn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"batsamco.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650416/; classtype:trojan-activity;sid:83513516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650417)"; flow:established,from_client; content:"GET"; http_method; content:"/is/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"deerwatches.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650417/; classtype:trojan-activity;sid:83513517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650407)"; flow:established,from_client; content:"GET"; http_method; content:"/vpn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cutacut.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650407/; classtype:trojan-activity;sid:83513507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650405)"; flow:established,from_client; content:"GET"; http_method; content:"/udt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"goromgorom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650405/; classtype:trojan-activity;sid:83513505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650406)"; flow:established,from_client; content:"GET"; http_method; content:"/tc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"salesoxigen.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650406/; classtype:trojan-activity;sid:83513506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650399)"; flow:established,from_client; content:"GET"; http_method; content:"/vst/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"unimarkme.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650399/; classtype:trojan-activity;sid:83513499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650400)"; flow:established,from_client; content:"GET"; http_method; content:"/li/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"success.org.pk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650400/; classtype:trojan-activity;sid:83513500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650401)"; flow:established,from_client; content:"GET"; http_method; content:"/oio/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newheightspharma.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650401/; classtype:trojan-activity;sid:83513501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650402)"; flow:established,from_client; content:"GET"; http_method; content:"/euoq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"directaconsultores.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650402/; classtype:trojan-activity;sid:83513502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650403)"; flow:established,from_client; content:"GET"; http_method; content:"/aeti/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hdedutools.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650403/; classtype:trojan-activity;sid:83513503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650404)"; flow:established,from_client; content:"GET"; http_method; content:"/cqau/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cryptogueil.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650404/; classtype:trojan-activity;sid:83513504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650396)"; flow:established,from_client; content:"GET"; http_method; content:"/sieo/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"safrat-alriyadh.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650396/; classtype:trojan-activity;sid:83513496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650397)"; flow:established,from_client; content:"GET"; http_method; content:"/autu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kardeslerboncukhediyelik.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650397/; classtype:trojan-activity;sid:83513497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650398)"; flow:established,from_client; content:"GET"; http_method; content:"/ncm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wefoundworld.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650398/; classtype:trojan-activity;sid:83513498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650394)"; flow:established,from_client; content:"GET"; http_method; content:"/qo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blueplanetcanada.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650394/; classtype:trojan-activity;sid:83513494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650395)"; flow:established,from_client; content:"GET"; http_method; content:"/qiu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ambassadorsofislam.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650395/; classtype:trojan-activity;sid:83513495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650392)"; flow:established,from_client; content:"GET"; http_method; content:"/te/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"basenaija.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650392/; classtype:trojan-activity;sid:83513492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650393)"; flow:established,from_client; content:"GET"; http_method; content:"/mt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wptckylm.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650393/; classtype:trojan-activity;sid:83513493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650387)"; flow:established,from_client; content:"GET"; http_method; content:"/lims/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cgscoaching.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650387/; classtype:trojan-activity;sid:83513487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650388)"; flow:established,from_client; content:"GET"; http_method; content:"/eee/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ufagold.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650388/; classtype:trojan-activity;sid:83513488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650389)"; flow:established,from_client; content:"GET"; http_method; content:"/me/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"chinformatique-dz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650389/; classtype:trojan-activity;sid:83513489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650390)"; flow:established,from_client; content:"GET"; http_method; content:"/leu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"busaracenter.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650390/; classtype:trojan-activity;sid:83513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650391)"; flow:established,from_client; content:"GET"; http_method; content:"/tde/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hecfexpo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650391/; classtype:trojan-activity;sid:83513491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650383)"; flow:established,from_client; content:"GET"; http_method; content:"/oqau/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nativeinfotech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650383/; classtype:trojan-activity;sid:83513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650384)"; flow:established,from_client; content:"GET"; http_method; content:"/lt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ahmadmassoud.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650384/; classtype:trojan-activity;sid:83513484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650385)"; flow:established,from_client; content:"GET"; http_method; content:"/fgmi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"errorsworld.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650385/; classtype:trojan-activity;sid:83513485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650386)"; flow:established,from_client; content:"GET"; http_method; content:"/es/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"techforguru.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650386/; classtype:trojan-activity;sid:83513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650378)"; flow:established,from_client; content:"GET"; http_method; content:"/tu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"shirabu.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650378/; classtype:trojan-activity;sid:83513478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650379)"; flow:established,from_client; content:"GET"; http_method; content:"/tlu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"launchfxm.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650379/; classtype:trojan-activity;sid:83513479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650380)"; flow:established,from_client; content:"GET"; http_method; content:"/pt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"biocoreopen.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650380/; classtype:trojan-activity;sid:83513480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650381)"; flow:established,from_client; content:"GET"; http_method; content:"/ule/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"theheadsoccerunblocked.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650381/; classtype:trojan-activity;sid:83513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650382)"; flow:established,from_client; content:"GET"; http_method; content:"/iu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"electrofalcon.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650382/; classtype:trojan-activity;sid:83513482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650374)"; flow:established,from_client; content:"GET"; http_method; content:"/ei/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ejbreneman.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650374/; classtype:trojan-activity;sid:83513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650375)"; flow:established,from_client; content:"GET"; http_method; content:"/duon/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hotdelivery.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650375/; classtype:trojan-activity;sid:83513475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650376)"; flow:established,from_client; content:"GET"; http_method; content:"/enec/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"muslimfinance.co.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650376/; classtype:trojan-activity;sid:83513476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650377)"; flow:established,from_client; content:"GET"; http_method; content:"/eui/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vccrp.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650377/; classtype:trojan-activity;sid:83513477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650372)"; flow:established,from_client; content:"GET"; http_method; content:"/ui/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"plaza-center.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650372/; classtype:trojan-activity;sid:83513472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650373)"; flow:established,from_client; content:"GET"; http_method; content:"/slit/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"chrisbernardproperties.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650373/; classtype:trojan-activity;sid:83513473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650369)"; flow:established,from_client; content:"GET"; http_method; content:"/dsai/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"getpaid247.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650369/; classtype:trojan-activity;sid:83513469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650370)"; flow:established,from_client; content:"GET"; http_method; content:"/ipm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cbcmodesto.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650370/; classtype:trojan-activity;sid:83513470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650371)"; flow:established,from_client; content:"GET"; http_method; content:"/uu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"allamerican-hi.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650371/; classtype:trojan-activity;sid:83513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650367)"; flow:established,from_client; content:"GET"; http_method; content:"/emu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"religionobserver.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650367/; classtype:trojan-activity;sid:83513467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650368)"; flow:established,from_client; content:"GET"; http_method; content:"/usa/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"drpetertio.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650368/; classtype:trojan-activity;sid:83513468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650365)"; flow:established,from_client; content:"GET"; http_method; content:"/uis/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"conceptacademia.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650365/; classtype:trojan-activity;sid:83513465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650366)"; flow:established,from_client; content:"GET"; http_method; content:"/iqsd/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"artisticheights.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650366/; classtype:trojan-activity;sid:83513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650361)"; flow:established,from_client; content:"GET"; http_method; content:"/cin/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"designzbox.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650361/; classtype:trojan-activity;sid:83513461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650362)"; flow:established,from_client; content:"GET"; http_method; content:"/mr/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"curemedicals.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650362/; classtype:trojan-activity;sid:83513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650363)"; flow:established,from_client; content:"GET"; http_method; content:"/so/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"peasx.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650363/; classtype:trojan-activity;sid:83513463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650364)"; flow:established,from_client; content:"GET"; http_method; content:"/ie/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dejandohuellasintheworld.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650364/; classtype:trojan-activity;sid:83513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650357)"; flow:established,from_client; content:"GET"; http_method; content:"/ttu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bibianos.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650357/; classtype:trojan-activity;sid:83513457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650358)"; flow:established,from_client; content:"GET"; http_method; content:"/mcom/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wismaengltd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650358/; classtype:trojan-activity;sid:83513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650359)"; flow:established,from_client; content:"GET"; http_method; content:"/lhh/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"osam.org.ar"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650359/; classtype:trojan-activity;sid:83513459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650360)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aadarshtechnosoft.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650360/; classtype:trojan-activity;sid:83513460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650353)"; flow:established,from_client; content:"GET"; http_method; content:"/lnt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"prosoftitservices.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650353/; classtype:trojan-activity;sid:83513453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650354)"; flow:established,from_client; content:"GET"; http_method; content:"/oeu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"windsonstaffing.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650354/; classtype:trojan-activity;sid:83513454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650355)"; flow:established,from_client; content:"GET"; http_method; content:"/tno/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"grupo-cala.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650355/; classtype:trojan-activity;sid:83513455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650356)"; flow:established,from_client; content:"GET"; http_method; content:"/tem/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"directories.net.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650356/; classtype:trojan-activity;sid:83513456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650343)"; flow:established,from_client; content:"GET"; http_method; content:"/ep/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"theclearclass.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650343/; classtype:trojan-activity;sid:83513443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650344)"; flow:established,from_client; content:"GET"; http_method; content:"/ovll/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mszjapan.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650344/; classtype:trojan-activity;sid:83513444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650345)"; flow:established,from_client; content:"GET"; http_method; content:"/is/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"thecrescentschools.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650345/; classtype:trojan-activity;sid:83513445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650346)"; flow:established,from_client; content:"GET"; http_method; content:"/idte/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"melaniegowen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650346/; classtype:trojan-activity;sid:83513446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650347)"; flow:established,from_client; content:"GET"; http_method; content:"/oq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wiztecbd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650347/; classtype:trojan-activity;sid:83513447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650348)"; flow:established,from_client; content:"GET"; http_method; content:"/nid/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"massive-electronics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650348/; classtype:trojan-activity;sid:83513448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650349)"; flow:established,from_client; content:"GET"; http_method; content:"/cua/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"albarakatilaw.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650349/; classtype:trojan-activity;sid:83513449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650350)"; flow:established,from_client; content:"GET"; http_method; content:"/it/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"yellowsisihub.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650350/; classtype:trojan-activity;sid:83513450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650351)"; flow:established,from_client; content:"GET"; http_method; content:"/rru/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tiblej.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650351/; classtype:trojan-activity;sid:83513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650352)"; flow:established,from_client; content:"GET"; http_method; content:"/eo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lenanka.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650352/; classtype:trojan-activity;sid:83513452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650342)"; flow:established,from_client; content:"GET"; http_method; content:"/dlpa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nidanhospital.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650342/; classtype:trojan-activity;sid:83513442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650338)"; flow:established,from_client; content:"GET"; http_method; content:"/atse/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tipsfreehealth.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650338/; classtype:trojan-activity;sid:83513438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650339)"; flow:established,from_client; content:"GET"; http_method; content:"/eru/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"esjpakistan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650339/; classtype:trojan-activity;sid:83513439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650340)"; flow:established,from_client; content:"GET"; http_method; content:"/uu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ukecpakistan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650340/; classtype:trojan-activity;sid:83513440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650341)"; flow:established,from_client; content:"GET"; http_method; content:"/nmi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"motionindustrials.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650341/; classtype:trojan-activity;sid:83513441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650332)"; flow:established,from_client; content:"GET"; http_method; content:"/iiit/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bcqatar.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650332/; classtype:trojan-activity;sid:83513432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650333)"; flow:established,from_client; content:"GET"; http_method; content:"/evud/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cumarefrigeration.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650333/; classtype:trojan-activity;sid:83513433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650334)"; flow:established,from_client; content:"GET"; http_method; content:"/itiu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mayoreomuebles.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650334/; classtype:trojan-activity;sid:83513434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650335)"; flow:established,from_client; content:"GET"; http_method; content:"/no/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"zmqnbags.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650335/; classtype:trojan-activity;sid:83513435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650336)"; flow:established,from_client; content:"GET"; http_method; content:"/ul/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"priyogari.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650336/; classtype:trojan-activity;sid:83513436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650337)"; flow:established,from_client; content:"GET"; http_method; content:"/qus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"irembo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650337/; classtype:trojan-activity;sid:83513437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650329)"; flow:established,from_client; content:"GET"; http_method; content:"/auu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ipisi.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650329/; classtype:trojan-activity;sid:83513429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650330)"; flow:established,from_client; content:"GET"; http_method; content:"/rteo/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"automotivebd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650330/; classtype:trojan-activity;sid:83513430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650331)"; flow:established,from_client; content:"GET"; http_method; content:"/vl/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simaprolatam.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650331/; classtype:trojan-activity;sid:83513431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650322)"; flow:established,from_client; content:"GET"; http_method; content:"/suti/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"espantijos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650322/; classtype:trojan-activity;sid:83513422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650323)"; flow:established,from_client; content:"GET"; http_method; content:"/dinu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"itstoreindia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650323/; classtype:trojan-activity;sid:83513423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650324)"; flow:established,from_client; content:"GET"; http_method; content:"/oqsn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jbsacademy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650324/; classtype:trojan-activity;sid:83513424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650325)"; flow:established,from_client; content:"GET"; http_method; content:"/ac/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"idsexpo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650325/; classtype:trojan-activity;sid:83513425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650326)"; flow:established,from_client; content:"GET"; http_method; content:"/vaa/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shokoufehgholami.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650326/; classtype:trojan-activity;sid:83513426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650327)"; flow:established,from_client; content:"GET"; http_method; content:"/ioit/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wkkengineering.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650327/; classtype:trojan-activity;sid:83513427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650328)"; flow:established,from_client; content:"GET"; http_method; content:"/rs/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tenants.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650328/; classtype:trojan-activity;sid:83513428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650313)"; flow:established,from_client; content:"GET"; http_method; content:"/aul/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"boldpak.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650313/; classtype:trojan-activity;sid:83513413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650314)"; flow:established,from_client; content:"GET"; http_method; content:"/ooai/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"restaurant-lavie.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650314/; classtype:trojan-activity;sid:83513414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650315)"; flow:established,from_client; content:"GET"; http_method; content:"/pie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sahwalaws.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650315/; classtype:trojan-activity;sid:83513415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650316)"; flow:established,from_client; content:"GET"; http_method; content:"/iipt/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nooranbeauty.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650316/; classtype:trojan-activity;sid:83513416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650317)"; flow:established,from_client; content:"GET"; http_method; content:"/nuq/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"salemscientificlabs.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650317/; classtype:trojan-activity;sid:83513417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650318)"; flow:established,from_client; content:"GET"; http_method; content:"/oso/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fahmy-group.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650318/; classtype:trojan-activity;sid:83513418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650319)"; flow:established,from_client; content:"GET"; http_method; content:"/qe/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"perakamedia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650319/; classtype:trojan-activity;sid:83513419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650320)"; flow:established,from_client; content:"GET"; http_method; content:"/in/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"allegroicecream.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650320/; classtype:trojan-activity;sid:83513420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650321)"; flow:established,from_client; content:"GET"; http_method; content:"/rnas/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hurghadamuseum.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650321/; classtype:trojan-activity;sid:83513421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650309)"; flow:established,from_client; content:"GET"; http_method; content:"/on/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"book4noon.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650309/; classtype:trojan-activity;sid:83513409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650310)"; flow:established,from_client; content:"GET"; http_method; content:"/pgot/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"indianrobostore.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650310/; classtype:trojan-activity;sid:83513410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650311)"; flow:established,from_client; content:"GET"; http_method; content:"/iomq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eagleuhd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650311/; classtype:trojan-activity;sid:83513411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650312)"; flow:established,from_client; content:"GET"; http_method; content:"/ebaq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"recrealtor.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650312/; classtype:trojan-activity;sid:83513412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.225.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650308/; classtype:trojan-activity;sid:83513408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.238.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650307/; classtype:trojan-activity;sid:83513407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650306/; classtype:trojan-activity;sid:83513406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.154.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650304/; classtype:trojan-activity;sid:83513404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.241.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650305/; classtype:trojan-activity;sid:83513405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.80.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650303/; classtype:trojan-activity;sid:83513403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650302/; classtype:trojan-activity;sid:83513402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.227.121.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650301/; classtype:trojan-activity;sid:83513401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.63.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650300/; classtype:trojan-activity;sid:83513400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.126.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650299/; classtype:trojan-activity;sid:83513399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650298/; classtype:trojan-activity;sid:83513398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.108.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650297/; classtype:trojan-activity;sid:83513397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.225.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650296/; classtype:trojan-activity;sid:83513396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.167.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650295/; classtype:trojan-activity;sid:83513395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.20.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650294/; classtype:trojan-activity;sid:83513394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.178.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650293/; classtype:trojan-activity;sid:83513393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.181.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650292/; classtype:trojan-activity;sid:83513392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.43.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650290/; classtype:trojan-activity;sid:83513390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.247.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650291/; classtype:trojan-activity;sid:83513391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.5.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650289/; classtype:trojan-activity;sid:83513389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.63.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650288/; classtype:trojan-activity;sid:83513388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.7.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650287/; classtype:trojan-activity;sid:83513387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.7.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650286/; classtype:trojan-activity;sid:83513386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.243.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650285/; classtype:trojan-activity;sid:83513385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.61.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650283/; classtype:trojan-activity;sid:83513383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.189.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650284/; classtype:trojan-activity;sid:83513384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650282/; classtype:trojan-activity;sid:83513382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.42.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650281/; classtype:trojan-activity;sid:83513381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.12.247.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650280/; classtype:trojan-activity;sid:83513380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.33.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650279/; classtype:trojan-activity;sid:83513379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.155.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650278/; classtype:trojan-activity;sid:83513378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.78.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650277/; classtype:trojan-activity;sid:83513377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.216.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650276/; classtype:trojan-activity;sid:83513376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.114.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650275/; classtype:trojan-activity;sid:83513375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.170.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650273/; classtype:trojan-activity;sid:83513373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.41.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650274/; classtype:trojan-activity;sid:83513374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.33.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650272/; classtype:trojan-activity;sid:83513372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.87.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650271/; classtype:trojan-activity;sid:83513371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.21.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650270/; classtype:trojan-activity;sid:83513370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.176.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650269/; classtype:trojan-activity;sid:83513369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.77.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650268/; classtype:trojan-activity;sid:83513368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650267)"; flow:established,from_client; content:"GET"; http_method; content:"/90/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.189.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650267/; classtype:trojan-activity;sid:83513367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650266)"; flow:established,from_client; content:"GET"; http_method; content:"/mi/mimimimimimimi%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23mimimimimi.doc"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"192.3.189.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650266/; classtype:trojan-activity;sid:83513366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.255.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650265/; classtype:trojan-activity;sid:83513365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.42.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650264/; classtype:trojan-activity;sid:83513364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.118.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650263/; classtype:trojan-activity;sid:83513363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.233.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650262/; classtype:trojan-activity;sid:83513362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650261/; classtype:trojan-activity;sid:83513361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.80.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650260/; classtype:trojan-activity;sid:83513360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.169.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650259/; classtype:trojan-activity;sid:83513359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.178.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650258/; classtype:trojan-activity;sid:83513358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.170.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650257/; classtype:trojan-activity;sid:83513357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.245.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650256/; classtype:trojan-activity;sid:83513356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.87.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650255/; classtype:trojan-activity;sid:83513355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.52.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650254/; classtype:trojan-activity;sid:83513354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650253)"; flow:established,from_client; content:"GET"; http_method; content:"/dqua/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mayoreomuebles.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650253/; classtype:trojan-activity;sid:83513353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650252)"; flow:established,from_client; content:"GET"; http_method; content:"/nuno/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"promotorcyclehelmets.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650252/; classtype:trojan-activity;sid:83513352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650251)"; flow:established,from_client; content:"GET"; http_method; content:"/ole/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"portmapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650251/; classtype:trojan-activity;sid:83513351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650248)"; flow:established,from_client; content:"GET"; http_method; content:"/hcic/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"recrealtor.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650248/; classtype:trojan-activity;sid:83513348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650249)"; flow:established,from_client; content:"GET"; http_method; content:"/ial/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"quranforkids.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650249/; classtype:trojan-activity;sid:83513349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650250)"; flow:established,from_client; content:"GET"; http_method; content:"/cetn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aamalapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650250/; classtype:trojan-activity;sid:83513350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650246)"; flow:established,from_client; content:"GET"; http_method; content:"/ua/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dankcity.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650246/; classtype:trojan-activity;sid:83513346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650247)"; flow:established,from_client; content:"GET"; http_method; content:"/aouu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sherwoodsproperty.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650247/; classtype:trojan-activity;sid:83513347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.40.198.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650245/; classtype:trojan-activity;sid:83513345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.190.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650244/; classtype:trojan-activity;sid:83513344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.36.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650242/; classtype:trojan-activity;sid:83513342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.133.94.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650243/; classtype:trojan-activity;sid:83513343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.98.69.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650241/; classtype:trojan-activity;sid:83513341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.121.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650240/; classtype:trojan-activity;sid:83513340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650239)"; flow:established,from_client; content:"GET"; http_method; content:"/download/electronv2.rar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"electrn.lol"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650239/; classtype:trojan-activity;sid:83513339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650238)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=180484f7e1f17ca4|7c|26|7c|resid=180484f7e1f17ca4%21263|7c|26|7c|authkey=anfkmkuma6rsiis"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650238/; classtype:trojan-activity;sid:83513338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650237)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=8dae472e4986f3d9|7c|26|7c|resid=8dae472e4986f3d9%21194|7c|26|7c|authkey=ajpf6azhwu6vn88"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650237/; classtype:trojan-activity;sid:83513337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650235)"; flow:established,from_client; content:"GET"; http_method; content:"/download/amplitube%205.0.3%20crack%20%20%20keygen%202021!%20downloader.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"crackload.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650235/; classtype:trojan-activity;sid:83513335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/iobit%20smart%20defrag%207%20pro%20%20%20dongle%20downloader.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"crackload.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650236/; classtype:trojan-activity;sid:83513336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650234)"; flow:established,from_client; content:"GET"; http_method; content:"/download/finale%2027.0.0.710%20crack%20key%20%20%20torrent%202021%20(full%20version)%20downloader.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"crackload.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650234/; classtype:trojan-activity;sid:83513334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650233)"; flow:established,from_client; content:"GET"; http_method; content:"/ipax"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.235.39.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650233/; classtype:trojan-activity;sid:83513333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.190.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650232/; classtype:trojan-activity;sid:83513332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.13.248.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650231/; classtype:trojan-activity;sid:83513331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.49.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650230/; classtype:trojan-activity;sid:83513330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.235.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650229/; classtype:trojan-activity;sid:83513329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.33.91.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650228/; classtype:trojan-activity;sid:83513328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.236.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650227/; classtype:trojan-activity;sid:83513327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650226/; classtype:trojan-activity;sid:83513326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.16.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650225/; classtype:trojan-activity;sid:83513325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.187.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650224/; classtype:trojan-activity;sid:83513324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650223)"; flow:established,from_client; content:"GET"; http_method; content:"/gdelawvxwq/dropitboris.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"artejoy.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650223/; classtype:trojan-activity;sid:83513323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650222)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/ryryryryryryyryry"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.86.229.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650222/; classtype:trojan-activity;sid:83513322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.178.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650221/; classtype:trojan-activity;sid:83513321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.84.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650220/; classtype:trojan-activity;sid:83513320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650219)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xzbtmnixtkfv"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650219/; classtype:trojan-activity;sid:83513319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.188.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650218/; classtype:trojan-activity;sid:83513318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.24.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650217/; classtype:trojan-activity;sid:83513317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.218.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650216/; classtype:trojan-activity;sid:83513316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.22.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650215/; classtype:trojan-activity;sid:83513315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650213/; classtype:trojan-activity;sid:83513313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.219.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650214/; classtype:trojan-activity;sid:83513314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650212/; classtype:trojan-activity;sid:83513312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.139.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650210/; classtype:trojan-activity;sid:83513310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.100.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650211/; classtype:trojan-activity;sid:83513311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.189.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650209/; classtype:trojan-activity;sid:83513309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.165.56.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650208/; classtype:trojan-activity;sid:83513308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650207/; classtype:trojan-activity;sid:83513307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.154.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650206/; classtype:trojan-activity;sid:83513306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.154.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650205/; classtype:trojan-activity;sid:83513305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.44.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650204/; classtype:trojan-activity;sid:83513304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650202/; classtype:trojan-activity;sid:83513302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.243.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650203/; classtype:trojan-activity;sid:83513303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.120.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650201/; classtype:trojan-activity;sid:83513301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.213.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650200/; classtype:trojan-activity;sid:83513300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650199/; classtype:trojan-activity;sid:83513299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.177.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650198/; classtype:trojan-activity;sid:83513298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650197/; classtype:trojan-activity;sid:83513297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650196/; classtype:trojan-activity;sid:83513296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.174.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650195/; classtype:trojan-activity;sid:83513295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.84.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650194/; classtype:trojan-activity;sid:83513294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.210.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650193/; classtype:trojan-activity;sid:83513293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.154.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650192/; classtype:trojan-activity;sid:83513292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.84.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650191/; classtype:trojan-activity;sid:83513291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.0.42.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650190/; classtype:trojan-activity;sid:83513290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.127.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650189/; classtype:trojan-activity;sid:83513289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650188/; classtype:trojan-activity;sid:83513288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.149.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650187/; classtype:trojan-activity;sid:83513287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.110.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650186/; classtype:trojan-activity;sid:83513286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.163.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650185/; classtype:trojan-activity;sid:83513285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650184)"; flow:established,from_client; content:"GET"; http_method; content:"//motionindustrials.com/pie/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ttps"; http_host; depth:4; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650184/; classtype:trojan-activity;sid:83513284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.252.40.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650183/; classtype:trojan-activity;sid:83513283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.161.160.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650182/; classtype:trojan-activity;sid:83513282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.145.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650180/; classtype:trojan-activity;sid:83513280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.124.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650181/; classtype:trojan-activity;sid:83513281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.138.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650179/; classtype:trojan-activity;sid:83513279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.136.208.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650178/; classtype:trojan-activity;sid:83513278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.153.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650177/; classtype:trojan-activity;sid:83513277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.102.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650176/; classtype:trojan-activity;sid:83513276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.150.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650174/; classtype:trojan-activity;sid:83513274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.225.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650175/; classtype:trojan-activity;sid:83513275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650172)"; flow:established,from_client; content:"GET"; http_method; content:"/ino/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"filingnepal.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650172/; classtype:trojan-activity;sid:83513272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650173)"; flow:established,from_client; content:"GET"; http_method; content:"/ooes/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vainavitechnologies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650173/; classtype:trojan-activity;sid:83513273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650171)"; flow:established,from_client; content:"GET"; http_method; content:"/teu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"massive-electronics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650171/; classtype:trojan-activity;sid:83513271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650169)"; flow:established,from_client; content:"GET"; http_method; content:"/iuan/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"designzbox.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650169/; classtype:trojan-activity;sid:83513269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650170)"; flow:established,from_client; content:"GET"; http_method; content:"/rps/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chinformatique-dz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650170/; classtype:trojan-activity;sid:83513270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650166)"; flow:established,from_client; content:"GET"; http_method; content:"/uoq/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sciforschenonline.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650166/; classtype:trojan-activity;sid:83513266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650167)"; flow:established,from_client; content:"GET"; http_method; content:"/am/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tudien.org.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650167/; classtype:trojan-activity;sid:83513267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650168)"; flow:established,from_client; content:"GET"; http_method; content:"/stlu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"patmypets.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650168/; classtype:trojan-activity;sid:83513268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650162)"; flow:established,from_client; content:"GET"; http_method; content:"/ts/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"basenaija.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650162/; classtype:trojan-activity;sid:83513262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650163)"; flow:established,from_client; content:"GET"; http_method; content:"/apt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"allamerican-hi.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650163/; classtype:trojan-activity;sid:83513263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650164)"; flow:established,from_client; content:"GET"; http_method; content:"/cou/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wptckylm.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650164/; classtype:trojan-activity;sid:83513264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650165)"; flow:established,from_client; content:"GET"; http_method; content:"/um/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"electrofalcon.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650165/; classtype:trojan-activity;sid:83513265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650157)"; flow:established,from_client; content:"GET"; http_method; content:"/eq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bricsafricaconsulting.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650157/; classtype:trojan-activity;sid:83513257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650158)"; flow:established,from_client; content:"GET"; http_method; content:"/teve/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nativeinfotech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650158/; classtype:trojan-activity;sid:83513258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650159)"; flow:established,from_client; content:"GET"; http_method; content:"/oe/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"purohitpipes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650159/; classtype:trojan-activity;sid:83513259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tucs/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"treeweb.it"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650160/; classtype:trojan-activity;sid:83513260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650161)"; flow:established,from_client; content:"GET"; http_method; content:"/iarp/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"saharascientific.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650161/; classtype:trojan-activity;sid:83513261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650152)"; flow:established,from_client; content:"GET"; http_method; content:"/iuam/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"centralvalleylaw.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650152/; classtype:trojan-activity;sid:83513252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650153)"; flow:established,from_client; content:"GET"; http_method; content:"/quli/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"osam.org.ar"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650153/; classtype:trojan-activity;sid:83513253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650154)"; flow:established,from_client; content:"GET"; http_method; content:"/vbap/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"directories.net.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650154/; classtype:trojan-activity;sid:83513254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650155)"; flow:established,from_client; content:"GET"; http_method; content:"/qel/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"megacert.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650155/; classtype:trojan-activity;sid:83513255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650156)"; flow:established,from_client; content:"GET"; http_method; content:"/rnd/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"event.abr.org.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650156/; classtype:trojan-activity;sid:83513256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650149)"; flow:established,from_client; content:"GET"; http_method; content:"/ioia/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"launchfxm.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650149/; classtype:trojan-activity;sid:83513249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650150)"; flow:established,from_client; content:"GET"; http_method; content:"/eit/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bibianos.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650150/; classtype:trojan-activity;sid:83513250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650151)"; flow:established,from_client; content:"GET"; http_method; content:"/aeu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"greenreset.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650151/; classtype:trojan-activity;sid:83513251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650140)"; flow:established,from_client; content:"GET"; http_method; content:"/elex/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"suntecwebservices.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650140/; classtype:trojan-activity;sid:83513240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650141)"; flow:established,from_client; content:"GET"; http_method; content:"/int/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tenants.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650141/; classtype:trojan-activity;sid:83513241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650142)"; flow:established,from_client; content:"GET"; http_method; content:"/olim/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"book4noon.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650142/; classtype:trojan-activity;sid:83513242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650143)"; flow:established,from_client; content:"GET"; http_method; content:"/orp/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rsgroupcapital.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650143/; classtype:trojan-activity;sid:83513243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650144)"; flow:established,from_client; content:"GET"; http_method; content:"/th/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"grupo-cala.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650144/; classtype:trojan-activity;sid:83513244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650145)"; flow:established,from_client; content:"GET"; http_method; content:"/lam/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"windsonstaffing.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650145/; classtype:trojan-activity;sid:83513245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650146)"; flow:established,from_client; content:"GET"; http_method; content:"/suit/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"goldsmedia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650146/; classtype:trojan-activity;sid:83513246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650147)"; flow:established,from_client; content:"GET"; http_method; content:"/eltu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"drzak.uk"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650147/; classtype:trojan-activity;sid:83513247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650148)"; flow:established,from_client; content:"GET"; http_method; content:"/eeu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acutweb.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650148/; classtype:trojan-activity;sid:83513248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650137)"; flow:established,from_client; content:"GET"; http_method; content:"/om/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ihubtalent.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650137/; classtype:trojan-activity;sid:83513237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650138)"; flow:established,from_client; content:"GET"; http_method; content:"/au/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"noormakina.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650138/; classtype:trojan-activity;sid:83513238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650139)"; flow:established,from_client; content:"GET"; http_method; content:"/cocu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pointblanknews.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650139/; classtype:trojan-activity;sid:83513239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650136)"; flow:established,from_client; content:"GET"; http_method; content:"/ieb/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ejbreneman.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650136/; classtype:trojan-activity;sid:83513236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650132)"; flow:established,from_client; content:"GET"; http_method; content:"/etet/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"iohp.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650132/; classtype:trojan-activity;sid:83513232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650133)"; flow:established,from_client; content:"GET"; http_method; content:"/tepv/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tomjal.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650133/; classtype:trojan-activity;sid:83513233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650134)"; flow:established,from_client; content:"GET"; http_method; content:"/agfu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thefollyhotel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650134/; classtype:trojan-activity;sid:83513234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650135)"; flow:established,from_client; content:"GET"; http_method; content:"/ia/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cutacut.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650135/; classtype:trojan-activity;sid:83513235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650124)"; flow:established,from_client; content:"GET"; http_method; content:"/aeom/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"atltowingnow.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650124/; classtype:trojan-activity;sid:83513224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650125)"; flow:established,from_client; content:"GET"; http_method; content:"/iemr/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"curemedicals.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650125/; classtype:trojan-activity;sid:83513225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650126)"; flow:established,from_client; content:"GET"; http_method; content:"/me/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"allegroicecream.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650126/; classtype:trojan-activity;sid:83513226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650127)"; flow:established,from_client; content:"GET"; http_method; content:"/uenu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"albarakatilaw.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650127/; classtype:trojan-activity;sid:83513227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650128)"; flow:established,from_client; content:"GET"; http_method; content:"/egi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"skyparktravel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650128/; classtype:trojan-activity;sid:83513228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tees/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"petertio.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650129/; classtype:trojan-activity;sid:83513229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650130)"; flow:established,from_client; content:"GET"; http_method; content:"/sat/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"artisticheights.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650130/; classtype:trojan-activity;sid:83513230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650131)"; flow:established,from_client; content:"GET"; http_method; content:"/itn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nladfk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650131/; classtype:trojan-activity;sid:83513231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650119)"; flow:established,from_client; content:"GET"; http_method; content:"/qid/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"quraniqraacademy.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650119/; classtype:trojan-activity;sid:83513219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650120)"; flow:established,from_client; content:"GET"; http_method; content:"/ue/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bcqatar.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650120/; classtype:trojan-activity;sid:83513220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650121)"; flow:established,from_client; content:"GET"; http_method; content:"/al/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"scaffoldom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650121/; classtype:trojan-activity;sid:83513221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650122)"; flow:established,from_client; content:"GET"; http_method; content:"/xlea/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ab-sol.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650122/; classtype:trojan-activity;sid:83513222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650123)"; flow:established,from_client; content:"GET"; http_method; content:"/ror/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"helptimize.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650123/; classtype:trojan-activity;sid:83513223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650115)"; flow:established,from_client; content:"GET"; http_method; content:"/ams/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"houseofiron.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650115/; classtype:trojan-activity;sid:83513215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650116)"; flow:established,from_client; content:"GET"; http_method; content:"/iocn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"noor786110.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650116/; classtype:trojan-activity;sid:83513216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650117)"; flow:established,from_client; content:"GET"; http_method; content:"/od/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"espantijos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650117/; classtype:trojan-activity;sid:83513217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650118)"; flow:established,from_client; content:"GET"; http_method; content:"/at/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"unimarkme.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650118/; classtype:trojan-activity;sid:83513218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650109)"; flow:established,from_client; content:"GET"; http_method; content:"/gu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ambassadorsofislam.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650109/; classtype:trojan-activity;sid:83513209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650110)"; flow:established,from_client; content:"GET"; http_method; content:"/ntm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"itstoreindia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650110/; classtype:trojan-activity;sid:83513210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650111)"; flow:established,from_client; content:"GET"; http_method; content:"/aelb/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thecrescentschools.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650111/; classtype:trojan-activity;sid:83513211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650112)"; flow:established,from_client; content:"GET"; http_method; content:"/in/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hbcuspbresearch.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650112/; classtype:trojan-activity;sid:83513212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650113)"; flow:established,from_client; content:"GET"; http_method; content:"/uo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"idsexpo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650113/; classtype:trojan-activity;sid:83513213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650114)"; flow:established,from_client; content:"GET"; http_method; content:"/ts/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ogsyazilim.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650114/; classtype:trojan-activity;sid:83513214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650104)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ecotasar.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650104/; classtype:trojan-activity;sid:83513204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650105)"; flow:established,from_client; content:"GET"; http_method; content:"/pie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"motionindustrials.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650105/; classtype:trojan-activity;sid:83513205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650106)"; flow:established,from_client; content:"GET"; http_method; content:"/qis/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"beautychoose.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650106/; classtype:trojan-activity;sid:83513206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650107)"; flow:established,from_client; content:"GET"; http_method; content:"/no/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"allpinless.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650107/; classtype:trojan-activity;sid:83513207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650108)"; flow:established,from_client; content:"GET"; http_method; content:"/ubl/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lakebrillac.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650108/; classtype:trojan-activity;sid:83513208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650102)"; flow:established,from_client; content:"GET"; http_method; content:"/di/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nidanhospital.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650102/; classtype:trojan-activity;sid:83513202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650103)"; flow:established,from_client; content:"GET"; http_method; content:"/nhut/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"naijamp3tv.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650103/; classtype:trojan-activity;sid:83513203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650101)"; flow:established,from_client; content:"GET"; http_method; content:"/ar/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rabbicominternet.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650101/; classtype:trojan-activity;sid:83513201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650099)"; flow:established,from_client; content:"GET"; http_method; content:"/vte/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"biocoreopen.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650099/; classtype:trojan-activity;sid:83513199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650100)"; flow:established,from_client; content:"GET"; http_method; content:"/eo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ahmadmassoud.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650100/; classtype:trojan-activity;sid:83513200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650096)"; flow:established,from_client; content:"GET"; http_method; content:"/nmi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kcac.org.au"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650096/; classtype:trojan-activity;sid:83513196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650097)"; flow:established,from_client; content:"GET"; http_method; content:"/qu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cgscoaching.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650097/; classtype:trojan-activity;sid:83513197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650098)"; flow:established,from_client; content:"GET"; http_method; content:"/one/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"frey2.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650098/; classtype:trojan-activity;sid:83513198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650083)"; flow:established,from_client; content:"GET"; http_method; content:"/eas/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hecfexpo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650083/; classtype:trojan-activity;sid:83513183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650084)"; flow:established,from_client; content:"GET"; http_method; content:"/tt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rite-tags.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650084/; classtype:trojan-activity;sid:83513184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650085)"; flow:established,from_client; content:"GET"; http_method; content:"/su/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mszjapan.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650085/; classtype:trojan-activity;sid:83513185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650086)"; flow:established,from_client; content:"GET"; http_method; content:"/iull/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"armieaccessori.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650086/; classtype:trojan-activity;sid:83513186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650087)"; flow:established,from_client; content:"GET"; http_method; content:"/ns/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"prosoftitservices.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650087/; classtype:trojan-activity;sid:83513187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650088)"; flow:established,from_client; content:"GET"; http_method; content:"/mue/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"theheadsoccerunblocked.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650088/; classtype:trojan-activity;sid:83513188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650089)"; flow:established,from_client; content:"GET"; http_method; content:"/iee/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wilshirelabs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650089/; classtype:trojan-activity;sid:83513189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650090)"; flow:established,from_client; content:"GET"; http_method; content:"/prra/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"qadonline.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650090/; classtype:trojan-activity;sid:83513190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650091)"; flow:established,from_client; content:"GET"; http_method; content:"/os/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"indianrobostore.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650091/; classtype:trojan-activity;sid:83513191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650092)"; flow:established,from_client; content:"GET"; http_method; content:"/mhg/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"orlaterole.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650092/; classtype:trojan-activity;sid:83513192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650093)"; flow:established,from_client; content:"GET"; http_method; content:"/ui/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ortopediawong.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650093/; classtype:trojan-activity;sid:83513193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650094)"; flow:established,from_client; content:"GET"; http_method; content:"/re/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nawairuddeen.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650094/; classtype:trojan-activity;sid:83513194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650095)"; flow:established,from_client; content:"GET"; http_method; content:"/ouu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"salesoxigen.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650095/; classtype:trojan-activity;sid:83513195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650073)"; flow:established,from_client; content:"GET"; http_method; content:"/in/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"fahmy-group.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650073/; classtype:trojan-activity;sid:83513173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650074)"; flow:established,from_client; content:"GET"; http_method; content:"/rm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nooranbeauty.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650074/; classtype:trojan-activity;sid:83513174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650075)"; flow:established,from_client; content:"GET"; http_method; content:"/peoa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ma4salebyowner.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650075/; classtype:trojan-activity;sid:83513175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650076)"; flow:established,from_client; content:"GET"; http_method; content:"/plim/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"emmanuelgroup.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650076/; classtype:trojan-activity;sid:83513176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650077)"; flow:established,from_client; content:"GET"; http_method; content:"/atu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newbeginningsshc.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650077/; classtype:trojan-activity;sid:83513177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650078)"; flow:established,from_client; content:"GET"; http_method; content:"/ml/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ukecpakistan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650078/; classtype:trojan-activity;sid:83513178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650079)"; flow:established,from_client; content:"GET"; http_method; content:"/aa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"errorsworld.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650079/; classtype:trojan-activity;sid:83513179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650080)"; flow:established,from_client; content:"GET"; http_method; content:"/enls/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ciptarapoto.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650080/; classtype:trojan-activity;sid:83513180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650081)"; flow:established,from_client; content:"GET"; http_method; content:"/iq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"samaafm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650081/; classtype:trojan-activity;sid:83513181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650082)"; flow:established,from_client; content:"GET"; http_method; content:"/ca/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bizztechinfo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650082/; classtype:trojan-activity;sid:83513182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650067)"; flow:established,from_client; content:"GET"; http_method; content:"/af/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"reposebay.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650067/; classtype:trojan-activity;sid:83513167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650068)"; flow:established,from_client; content:"GET"; http_method; content:"/in/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"melaniegowen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650068/; classtype:trojan-activity;sid:83513168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650069)"; flow:established,from_client; content:"GET"; http_method; content:"/imi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"muslimfinance.co.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650069/; classtype:trojan-activity;sid:83513169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650070)"; flow:established,from_client; content:"GET"; http_method; content:"/ep/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wefoundworld.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650070/; classtype:trojan-activity;sid:83513170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650071)"; flow:established,from_client; content:"GET"; http_method; content:"/qute/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"abhyasana.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650071/; classtype:trojan-activity;sid:83513171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650072)"; flow:established,from_client; content:"GET"; http_method; content:"/ae/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"restaurant-lavie.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650072/; classtype:trojan-activity;sid:83513172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.210.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650066/; classtype:trojan-activity;sid:83513166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650065)"; flow:established,from_client; content:"GET"; http_method; content:"/at/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sahwalaws.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650065/; classtype:trojan-activity;sid:83513165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650064/; classtype:trojan-activity;sid:83513164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.47.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650063/; classtype:trojan-activity;sid:83513163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.243.160.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650062/; classtype:trojan-activity;sid:83513162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.42.125.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650061/; classtype:trojan-activity;sid:83513161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.217.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650060/; classtype:trojan-activity;sid:83513160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650059/; classtype:trojan-activity;sid:83513159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.35.56.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650058/; classtype:trojan-activity;sid:83513158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650057/; classtype:trojan-activity;sid:83513157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650056)"; flow:established,from_client; content:"GET"; http_method; content:"/een/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"plaza-center.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650056/; classtype:trojan-activity;sid:83513156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.153.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650055/; classtype:trojan-activity;sid:83513155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.234.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650054/; classtype:trojan-activity;sid:83513154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650053/; classtype:trojan-activity;sid:83513153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.180.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650052/; classtype:trojan-activity;sid:83513152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.21.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650051/; classtype:trojan-activity;sid:83513151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.220.34.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650050/; classtype:trojan-activity;sid:83513150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.141.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650049/; classtype:trojan-activity;sid:83513149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650046)"; flow:established,from_client; content:"GET"; http_method; content:"/c72v7/e793"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.121.17.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650046/; classtype:trojan-activity;sid:83513146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650047)"; flow:established,from_client; content:"GET"; http_method; content:"/5uo/e793"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.121.16.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650047/; classtype:trojan-activity;sid:83513147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650048)"; flow:established,from_client; content:"GET"; http_method; content:"/atbf/e793"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"151.236.28.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650048/; classtype:trojan-activity;sid:83513148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650045)"; flow:established,from_client; content:"GET"; http_method; content:"/gte/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nativespeak.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650045/; classtype:trojan-activity;sid:83513145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650041)"; flow:established,from_client; content:"GET"; http_method; content:"/jjpevrsmet/jjpevrsmet.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"desireautoservice.ae"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650041/; classtype:trojan-activity;sid:83513141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650042)"; flow:established,from_client; content:"GET"; http_method; content:"/nhpybtfjnz/nhpybtfjnz.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sonictax.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650042/; classtype:trojan-activity;sid:83513142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650043)"; flow:established,from_client; content:"GET"; http_method; content:"/nvwnotxwhi/nvwnotxwhi.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"espacoflora.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650043/; classtype:trojan-activity;sid:83513143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650044)"; flow:established,from_client; content:"GET"; http_method; content:"/kqmnijnipa/kqmnijnipa.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"rosneft-armenia.am"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650044/; classtype:trojan-activity;sid:83513144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650036)"; flow:established,from_client; content:"GET"; http_method; content:"/ptstwupoul/ptstwupoul.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"promolaser.com.mx"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650036/; classtype:trojan-activity;sid:83513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650037)"; flow:established,from_client; content:"GET"; http_method; content:"/jbtadmrmko/jbtadmrmko.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"weboceantech.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650037/; classtype:trojan-activity;sid:83513137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650038)"; flow:established,from_client; content:"GET"; http_method; content:"/jlvprqoyyh/jlvprqoyyh.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"alhoja.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650038/; classtype:trojan-activity;sid:83513138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650039)"; flow:established,from_client; content:"GET"; http_method; content:"/nmxvncowyb/nmxvncowyb.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"skyline-solutions.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650039/; classtype:trojan-activity;sid:83513139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650040)"; flow:established,from_client; content:"GET"; http_method; content:"/drhxrpuicl/drhxrpuicl.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"spandhana.co.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650040/; classtype:trojan-activity;sid:83513140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650034)"; flow:established,from_client; content:"GET"; http_method; content:"/iuvgtrlpyv/iuvgtrlpyv.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"bmkoin.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650034/; classtype:trojan-activity;sid:83513134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650035)"; flow:established,from_client; content:"GET"; http_method; content:"/mumkwxadec/mumkwxadec.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"promoverte.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650035/; classtype:trojan-activity;sid:83513135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650031)"; flow:established,from_client; content:"GET"; http_method; content:"/fzpxlhizxp/fzpxlhizxp.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"realizemyproject.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650031/; classtype:trojan-activity;sid:83513131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650032)"; flow:established,from_client; content:"GET"; http_method; content:"/rsdadvvsvy/rsdadvvsvy.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"bmkoin.ch"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650032/; classtype:trojan-activity;sid:83513132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650033)"; flow:established,from_client; content:"GET"; http_method; content:"/iebcqyhjfa/iebcqyhjfa.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"assurancetp.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650033/; classtype:trojan-activity;sid:83513133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650030)"; flow:established,from_client; content:"GET"; http_method; content:"/kqqhgrymhg/kqqhgrymhg.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"masol.fr"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650030/; classtype:trojan-activity;sid:83513130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.203.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650029/; classtype:trojan-activity;sid:83513129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.102.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650028/; classtype:trojan-activity;sid:83513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.82.142.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650027/; classtype:trojan-activity;sid:83513127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650026)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|impresion=videocadenasur@hotmail.com|7c|26|7c|id=10zlbqupbye6c-52henataib2pellsg1z"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650026/; classtype:trojan-activity;sid:83513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650025)"; flow:established,from_client; content:"GET"; http_method; content:"/api/mockv2/ddd.json"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"requestly.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650025/; classtype:trojan-activity;sid:83513125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.238.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650024/; classtype:trojan-activity;sid:83513124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.202.106.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650023/; classtype:trojan-activity;sid:83513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650022/; classtype:trojan-activity;sid:83513122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.207.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650021/; classtype:trojan-activity;sid:83513121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.180.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650020/; classtype:trojan-activity;sid:83513120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.153.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650019/; classtype:trojan-activity;sid:83513119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.124.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650018/; classtype:trojan-activity;sid:83513118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650017/; classtype:trojan-activity;sid:83513117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.161.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650016/; classtype:trojan-activity;sid:83513116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.136.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650015/; classtype:trojan-activity;sid:83513115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.153.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650014/; classtype:trojan-activity;sid:83513114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.206.78.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650013/; classtype:trojan-activity;sid:83513113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.203.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650012/; classtype:trojan-activity;sid:83513112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.213.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650011/; classtype:trojan-activity;sid:83513111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.169.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650010/; classtype:trojan-activity;sid:83513110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650009/; classtype:trojan-activity;sid:83513109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650008)"; flow:established,from_client; content:"GET"; http_method; content:"/obizx.doc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.180.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650008/; classtype:trojan-activity;sid:83513108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.230.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650007/; classtype:trojan-activity;sid:83513107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.241.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650006/; classtype:trojan-activity;sid:83513106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.38.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650005/; classtype:trojan-activity;sid:83513105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.155.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650004/; classtype:trojan-activity;sid:83513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.116.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650003/; classtype:trojan-activity;sid:83513103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.175.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650002/; classtype:trojan-activity;sid:83513102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.166.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650001/; classtype:trojan-activity;sid:83513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2650000)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.240.238.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2650000/; classtype:trojan-activity;sid:83513100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.255.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649999/; classtype:trojan-activity;sid:83513099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.125.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649998/; classtype:trojan-activity;sid:83513098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.177.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649997/; classtype:trojan-activity;sid:83513097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.255.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649996/; classtype:trojan-activity;sid:83513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.1.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649995/; classtype:trojan-activity;sid:83513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649994/; classtype:trojan-activity;sid:83513094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649993/; classtype:trojan-activity;sid:83513093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.64.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649992/; classtype:trojan-activity;sid:83513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.157.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649991/; classtype:trojan-activity;sid:83513091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.236.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649990/; classtype:trojan-activity;sid:83513090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.230.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649989/; classtype:trojan-activity;sid:83513089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.155.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649988/; classtype:trojan-activity;sid:83513088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.90.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649987/; classtype:trojan-activity;sid:83513087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.239.184.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649985/; classtype:trojan-activity;sid:83513085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649986/; classtype:trojan-activity;sid:83513086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.91.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649984/; classtype:trojan-activity;sid:83513084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.242.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649983/; classtype:trojan-activity;sid:83513083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.89.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649982/; classtype:trojan-activity;sid:83513082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.184.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649981/; classtype:trojan-activity;sid:83513081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.1.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649980/; classtype:trojan-activity;sid:83513080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.166.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649979/; classtype:trojan-activity;sid:83513079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649978)"; flow:established,from_client; content:"GET"; http_method; content:"/vaiinglatesp.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vaigeral.s3.eu-west-3.amazonaws.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649978/; classtype:trojan-activity;sid:83513078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.216.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649977/; classtype:trojan-activity;sid:83513077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.236.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649976/; classtype:trojan-activity;sid:83513076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.87.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649974/; classtype:trojan-activity;sid:83513074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.46.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649975/; classtype:trojan-activity;sid:83513075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.210.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649973/; classtype:trojan-activity;sid:83513073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.247.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649972/; classtype:trojan-activity;sid:83513072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.158.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649971/; classtype:trojan-activity;sid:83513071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.25.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649970/; classtype:trojan-activity;sid:83513070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.158.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649969/; classtype:trojan-activity;sid:83513069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649968/; classtype:trojan-activity;sid:83513068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649967)"; flow:established,from_client; content:"GET"; http_method; content:"/teambzx.doc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649967/; classtype:trojan-activity;sid:83513067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649966/; classtype:trojan-activity;sid:83513066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.132.169.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649965/; classtype:trojan-activity;sid:83513065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649964/; classtype:trojan-activity;sid:83513064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649963/; classtype:trojan-activity;sid:83513063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.213.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649962/; classtype:trojan-activity;sid:83513062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.84.63.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649961/; classtype:trojan-activity;sid:83513061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.70.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649960/; classtype:trojan-activity;sid:83513060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.56.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649959/; classtype:trojan-activity;sid:83513059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.222.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649958/; classtype:trojan-activity;sid:83513058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.137.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649957/; classtype:trojan-activity;sid:83513057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.91.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649956/; classtype:trojan-activity;sid:83513056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.120.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649954/; classtype:trojan-activity;sid:83513054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.242.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649955/; classtype:trojan-activity;sid:83513055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649953)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/illfvfxgfefzhjos17.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.86.229.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649953/; classtype:trojan-activity;sid:83513053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649952)"; flow:established,from_client; content:"GET"; http_method; content:"/45/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.86.229.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649952/; classtype:trojan-activity;sid:83513052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.216.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649951/; classtype:trojan-activity;sid:83513051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.159.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649950/; classtype:trojan-activity;sid:83513050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.53.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649949/; classtype:trojan-activity;sid:83513049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.109.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649948/; classtype:trojan-activity;sid:83513048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.236.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649947/; classtype:trojan-activity;sid:83513047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.252.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649946/; classtype:trojan-activity;sid:83513046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649945/; classtype:trojan-activity;sid:83513045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.127.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649943/; classtype:trojan-activity;sid:83513043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.118.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649944/; classtype:trojan-activity;sid:83513044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.235.105.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649942/; classtype:trojan-activity;sid:83513042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.177.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649941/; classtype:trojan-activity;sid:83513041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649940)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/ryryryryryryyryry%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ryryryyryryyr.doc"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"45.86.229.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649940/; classtype:trojan-activity;sid:83513040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.158.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649939/; classtype:trojan-activity;sid:83513039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649938)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d13e7384cbb24b/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.99.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649938/; classtype:trojan-activity;sid:83513038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649936)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d13e7384cbb24b/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.99.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649936/; classtype:trojan-activity;sid:83513036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649937)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d13e7384cbb24b/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.99.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649937/; classtype:trojan-activity;sid:83513037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649934)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d13e7384cbb24b/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.99.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649934/; classtype:trojan-activity;sid:83513034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649935)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d13e7384cbb24b/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.99.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649935/; classtype:trojan-activity;sid:83513035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649933)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d13e7384cbb24b/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.99.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649933/; classtype:trojan-activity;sid:83513033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649932)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d13e7384cbb24b/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.99.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649932/; classtype:trojan-activity;sid:83513032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.218.26.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649931/; classtype:trojan-activity;sid:83513031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.27.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649930/; classtype:trojan-activity;sid:83513030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649929)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/password_2022_installer.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"live.fxcrm.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649929/; classtype:trojan-activity;sid:83513029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649928)"; flow:established,from_client; content:"GET"; http_method; content:"/download/file_pass1234.7z"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"apexwholesaleinc.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649928/; classtype:trojan-activity;sid:83513028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649927)"; flow:established,from_client; content:"GET"; http_method; content:"/30a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sebastianloro.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649927/; classtype:trojan-activity;sid:83513027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649926)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649926/; classtype:trojan-activity;sid:83513026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.3.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649925/; classtype:trojan-activity;sid:83513025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.96.236.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649924/; classtype:trojan-activity;sid:83513024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.193.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649923/; classtype:trojan-activity;sid:83513023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.244.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649922/; classtype:trojan-activity;sid:83513022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.225.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649920/; classtype:trojan-activity;sid:83513020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649921/; classtype:trojan-activity;sid:83513021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.1.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649919/; classtype:trojan-activity;sid:83513019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.180.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649918/; classtype:trojan-activity;sid:83513018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649917/; classtype:trojan-activity;sid:83513017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.84.240.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649916/; classtype:trojan-activity;sid:83513016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.178.171.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649915/; classtype:trojan-activity;sid:83513015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.218.26.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649914/; classtype:trojan-activity;sid:83513014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.161.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649913/; classtype:trojan-activity;sid:83513013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.172.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649911/; classtype:trojan-activity;sid:83513011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.116.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649912/; classtype:trojan-activity;sid:83513012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.24.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649910/; classtype:trojan-activity;sid:83513010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.150.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649909/; classtype:trojan-activity;sid:83513009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649907/; classtype:trojan-activity;sid:83513007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.8.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649908/; classtype:trojan-activity;sid:83513008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.222.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649906/; classtype:trojan-activity;sid:83513006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.14.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649904/; classtype:trojan-activity;sid:83513004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.168.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649905/; classtype:trojan-activity;sid:83513005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.29.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649903/; classtype:trojan-activity;sid:83513003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.150.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649902/; classtype:trojan-activity;sid:83513002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.13.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649901/; classtype:trojan-activity;sid:83513001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.174.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649900/; classtype:trojan-activity;sid:83513000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649899/; classtype:trojan-activity;sid:83512999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649898/; classtype:trojan-activity;sid:83512998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.104.97.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649897/; classtype:trojan-activity;sid:83512997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.39.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649896/; classtype:trojan-activity;sid:83512996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.149.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649895/; classtype:trojan-activity;sid:83512995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.18.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649893/; classtype:trojan-activity;sid:83512993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.112.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649894/; classtype:trojan-activity;sid:83512994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.198.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649892/; classtype:trojan-activity;sid:83512992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.3.153.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649891/; classtype:trojan-activity;sid:83512991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.219.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649890/; classtype:trojan-activity;sid:83512990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.51.71.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649889/; classtype:trojan-activity;sid:83512989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.105.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649888/; classtype:trojan-activity;sid:83512988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.29.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649887/; classtype:trojan-activity;sid:83512987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649886/; classtype:trojan-activity;sid:83512986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649884/; classtype:trojan-activity;sid:83512984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.144.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649885/; classtype:trojan-activity;sid:83512985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.223.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649881/; classtype:trojan-activity;sid:83512981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.174.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649882/; classtype:trojan-activity;sid:83512982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.26.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649883/; classtype:trojan-activity;sid:83512983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.26.75.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649880/; classtype:trojan-activity;sid:83512980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.121.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649879/; classtype:trojan-activity;sid:83512979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649870/; classtype:trojan-activity;sid:83512970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649871/; classtype:trojan-activity;sid:83512971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649872/; classtype:trojan-activity;sid:83512972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649873/; classtype:trojan-activity;sid:83512973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649874/; classtype:trojan-activity;sid:83512974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649875/; classtype:trojan-activity;sid:83512975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649876/; classtype:trojan-activity;sid:83512976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649877/; classtype:trojan-activity;sid:83512977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649878/; classtype:trojan-activity;sid:83512978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.131.111.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649869/; classtype:trojan-activity;sid:83512969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.144.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649868/; classtype:trojan-activity;sid:83512968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.16.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649867/; classtype:trojan-activity;sid:83512967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649866/; classtype:trojan-activity;sid:83512966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.66.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649864/; classtype:trojan-activity;sid:83512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.62.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649865/; classtype:trojan-activity;sid:83512965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649863/; classtype:trojan-activity;sid:83512963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.190.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649862/; classtype:trojan-activity;sid:83512962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.22.200.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649861/; classtype:trojan-activity;sid:83512961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.51.71.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649860/; classtype:trojan-activity;sid:83512960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649859)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.204.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649859/; classtype:trojan-activity;sid:83512959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.229.56.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649858/; classtype:trojan-activity;sid:83512958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649857)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.120.42.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649857/; classtype:trojan-activity;sid:83512957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649855)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.146.36.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649855/; classtype:trojan-activity;sid:83512955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.69.155.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649856/; classtype:trojan-activity;sid:83512956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649854)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.107.112.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649854/; classtype:trojan-activity;sid:83512954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649853)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.8.103.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649853/; classtype:trojan-activity;sid:83512953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649852)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.130.186.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649852/; classtype:trojan-activity;sid:83512952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.163.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649851/; classtype:trojan-activity;sid:83512951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.168.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649849/; classtype:trojan-activity;sid:83512949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.146.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649850/; classtype:trojan-activity;sid:83512950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.242.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649848/; classtype:trojan-activity;sid:83512948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.26.75.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649847/; classtype:trojan-activity;sid:83512947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.18.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649846/; classtype:trojan-activity;sid:83512946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.163.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649845/; classtype:trojan-activity;sid:83512945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.53.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649844/; classtype:trojan-activity;sid:83512944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.235.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649843/; classtype:trojan-activity;sid:83512943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.164.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649841/; classtype:trojan-activity;sid:83512941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.166.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649842/; classtype:trojan-activity;sid:83512942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.173.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649840/; classtype:trojan-activity;sid:83512940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.72.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649839/; classtype:trojan-activity;sid:83512939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.193.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649838/; classtype:trojan-activity;sid:83512938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649837/; classtype:trojan-activity;sid:83512937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.160.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649836/; classtype:trojan-activity;sid:83512936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.123.235.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649835/; classtype:trojan-activity;sid:83512935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649832)"; flow:established,from_client; content:"GET"; http_method; content:"/911.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649832/; classtype:trojan-activity;sid:83512932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649833)"; flow:established,from_client; content:"GET"; http_method; content:"/911.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649833/; classtype:trojan-activity;sid:83512933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649834)"; flow:established,from_client; content:"GET"; http_method; content:"/911.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649834/; classtype:trojan-activity;sid:83512934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649831)"; flow:established,from_client; content:"GET"; http_method; content:"/911.x32"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649831/; classtype:trojan-activity;sid:83512931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649830)"; flow:established,from_client; content:"GET"; http_method; content:"/911.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649830/; classtype:trojan-activity;sid:83512930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649826)"; flow:established,from_client; content:"GET"; http_method; content:"/911.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649826/; classtype:trojan-activity;sid:83512926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649827)"; flow:established,from_client; content:"GET"; http_method; content:"/911.i586"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649827/; classtype:trojan-activity;sid:83512927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649828)"; flow:established,from_client; content:"GET"; http_method; content:"/911.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649828/; classtype:trojan-activity;sid:83512928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649829)"; flow:established,from_client; content:"GET"; http_method; content:"/911.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.123.6.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649829/; classtype:trojan-activity;sid:83512929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.249.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649825/; classtype:trojan-activity;sid:83512925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.38.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649824/; classtype:trojan-activity;sid:83512924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649823/; classtype:trojan-activity;sid:83512923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649822/; classtype:trojan-activity;sid:83512922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649819/; classtype:trojan-activity;sid:83512919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649820/; classtype:trojan-activity;sid:83512920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.53.153.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649821/; classtype:trojan-activity;sid:83512921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649818)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.81.39.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649818/; classtype:trojan-activity;sid:83512918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.220.36.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649817/; classtype:trojan-activity;sid:83512917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.25.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649816/; classtype:trojan-activity;sid:83512916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.85.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649815/; classtype:trojan-activity;sid:83512915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.235.141.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649814/; classtype:trojan-activity;sid:83512914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649813/; classtype:trojan-activity;sid:83512913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649812/; classtype:trojan-activity;sid:83512912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.92.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649810/; classtype:trojan-activity;sid:83512910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.6.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649811/; classtype:trojan-activity;sid:83512911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649809)"; flow:established,from_client; content:"GET"; http_method; content:"/12/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.14.224.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649809/; classtype:trojan-activity;sid:83512909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649808)"; flow:established,from_client; content:"GET"; http_method; content:"/div.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.172.130.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649808/; classtype:trojan-activity;sid:83512908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649807)"; flow:established,from_client; content:"GET"; http_method; content:"/257/hkcmd.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"141.98.6.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649807/; classtype:trojan-activity;sid:83512907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.171.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649806/; classtype:trojan-activity;sid:83512906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649805)"; flow:established,from_client; content:"GET"; http_method; content:"/884af7b2dd911e85/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"80.85.241.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649805/; classtype:trojan-activity;sid:83512905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649799)"; flow:established,from_client; content:"GET"; http_method; content:"/884af7b2dd911e85/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"80.85.241.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649799/; classtype:trojan-activity;sid:83512899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649800)"; flow:established,from_client; content:"GET"; http_method; content:"/884af7b2dd911e85/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"80.85.241.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649800/; classtype:trojan-activity;sid:83512900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649801)"; flow:established,from_client; content:"GET"; http_method; content:"/884af7b2dd911e85/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"80.85.241.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649801/; classtype:trojan-activity;sid:83512901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649802)"; flow:established,from_client; content:"GET"; http_method; content:"/884af7b2dd911e85/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"80.85.241.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649802/; classtype:trojan-activity;sid:83512902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649803)"; flow:established,from_client; content:"GET"; http_method; content:"/884af7b2dd911e85/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"80.85.241.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649803/; classtype:trojan-activity;sid:83512903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649804)"; flow:established,from_client; content:"GET"; http_method; content:"/884af7b2dd911e85/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"80.85.241.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649804/; classtype:trojan-activity;sid:83512904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.72.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649798/; classtype:trojan-activity;sid:83512898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.11.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649797/; classtype:trojan-activity;sid:83512897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.50.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649793/; classtype:trojan-activity;sid:83512893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.194.221.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649794/; classtype:trojan-activity;sid:83512894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.117.212.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649795/; classtype:trojan-activity;sid:83512895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649796/; classtype:trojan-activity;sid:83512896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649792/; classtype:trojan-activity;sid:83512892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.0.42.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649791/; classtype:trojan-activity;sid:83512891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.229.225.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649788/; classtype:trojan-activity;sid:83512888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.249.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649789/; classtype:trojan-activity;sid:83512889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.171.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649790/; classtype:trojan-activity;sid:83512890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.223.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649787/; classtype:trojan-activity;sid:83512887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649786/; classtype:trojan-activity;sid:83512886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.112.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649785/; classtype:trojan-activity;sid:83512885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.181.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649784/; classtype:trojan-activity;sid:83512884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.25.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649783/; classtype:trojan-activity;sid:83512883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.145.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649782/; classtype:trojan-activity;sid:83512882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.197.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649781/; classtype:trojan-activity;sid:83512881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.115.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649780/; classtype:trojan-activity;sid:83512880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649779)"; flow:established,from_client; content:"GET"; http_method; content:"/teambzx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649779/; classtype:trojan-activity;sid:83512879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.20.194.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649778/; classtype:trojan-activity;sid:83512878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.110.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649777/; classtype:trojan-activity;sid:83512877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.38.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649776/; classtype:trojan-activity;sid:83512876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649775/; classtype:trojan-activity;sid:83512875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.146.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649774/; classtype:trojan-activity;sid:83512874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.237.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649773/; classtype:trojan-activity;sid:83512873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.164.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649772/; classtype:trojan-activity;sid:83512872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.135.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649771/; classtype:trojan-activity;sid:83512871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.111.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649770/; classtype:trojan-activity;sid:83512870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649769)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.69.23.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649769/; classtype:trojan-activity;sid:83512869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.70.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649768/; classtype:trojan-activity;sid:83512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.177.169.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649766/; classtype:trojan-activity;sid:83512866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649767/; classtype:trojan-activity;sid:83512867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649765/; classtype:trojan-activity;sid:83512865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.34.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649763/; classtype:trojan-activity;sid:83512863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.203.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649764/; classtype:trojan-activity;sid:83512864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.72.240.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649762/; classtype:trojan-activity;sid:83512862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.251.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649761/; classtype:trojan-activity;sid:83512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.45.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649760/; classtype:trojan-activity;sid:83512860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649759)"; flow:established,from_client; content:"GET"; http_method; content:"/d/2ndoybir12bs1ity28swaz6i2fjlkp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"darkbox.pw"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649759/; classtype:trojan-activity;sid:83512859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/index.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"speedlab.com.eg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649758/; classtype:trojan-activity;sid:83512858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649752)"; flow:established,from_client; content:"GET"; http_method; content:"/doc791620691_664833875|3f|hash=u7ga1wpz7gzn7r6aswfnrszp1ehxac8b6j8qqmorxow|7c|26|7c|dl=zmkthzyczz9xdvxi97d73ykxsvjjpzzgwy3swu7jhpd|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649752/; classtype:trojan-activity;sid:83512852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649753)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1111985588615249960/1113502455964110848/54656464.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649753/; classtype:trojan-activity;sid:83512853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649754)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1113947677764374622/1113960414951252049/1st.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649754/; classtype:trojan-activity;sid:83512854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649755)"; flow:established,from_client; content:"GET"; http_method; content:"/doc791620691_664818571|3f|hash=kqwt2dlep2t5sj5vndzhuni4nekblvzknh4t9r4wez8|7c|26|7c|dl=fzxik337ndfqp8n89trfozaaa56otw0zzk18fmczuhd|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649755/; classtype:trojan-activity;sid:83512855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649756)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1111985588615249960/1113790937693433916/54656464.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649756/; classtype:trojan-activity;sid:83512856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649757)"; flow:established,from_client; content:"GET"; http_method; content:"/data-package/llblt2vl/download"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"filetransfer.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649757/; classtype:trojan-activity;sid:83512857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649749)"; flow:established,from_client; content:"GET"; http_method; content:"/cc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.180.48.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649749/; classtype:trojan-activity;sid:83512849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649750)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.db"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"79.137.206.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649750/; classtype:trojan-activity;sid:83512850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649751)"; flow:established,from_client; content:"GET"; http_method; content:"/doc791620691_664813991|3f|hash=kz72xrd5sxewzcsianq0mnbhaayz5xzii1d06axwdt4|7c|26|7c|dl=9jjy9l7rzvpoppvb88ou3xgjd1boxuvrukrkfhtcqnx|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649751/; classtype:trojan-activity;sid:83512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649747)"; flow:established,from_client; content:"GET"; http_method; content:"/rhgf44/string/main/readme.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649747/; classtype:trojan-activity;sid:83512847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649748)"; flow:established,from_client; content:"GET"; http_method; content:"/file/tj6tw58l7pt45b8/2o23-f1les-s0ft.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649748/; classtype:trojan-activity;sid:83512848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649746)"; flow:established,from_client; content:"GET"; http_method; content:"/sp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.99.221.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649746/; classtype:trojan-activity;sid:83512846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649745)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsapp1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"62.171.178.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649745/; classtype:trojan-activity;sid:83512845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649744)"; flow:established,from_client; content:"GET"; http_method; content:"/grace.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"198.46.132.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649744/; classtype:trojan-activity;sid:83512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.38.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649743/; classtype:trojan-activity;sid:83512843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.78.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649742/; classtype:trojan-activity;sid:83512842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.254.57.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649741/; classtype:trojan-activity;sid:83512841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.236.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649740/; classtype:trojan-activity;sid:83512840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.177.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649739/; classtype:trojan-activity;sid:83512839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.58.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649738/; classtype:trojan-activity;sid:83512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649737/; classtype:trojan-activity;sid:83512837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.62.39.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649736/; classtype:trojan-activity;sid:83512836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649735)"; flow:established,from_client; content:"GET"; http_method; content:"/49/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.14.224.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649735/; classtype:trojan-activity;sid:83512835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649734)"; flow:established,from_client; content:"GET"; http_method; content:"/io/ioioioioioioioioioioio%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ioioioioioio.doc"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"45.66.230.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649734/; classtype:trojan-activity;sid:83512834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.174.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649733/; classtype:trojan-activity;sid:83512833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.166.201.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649732/; classtype:trojan-activity;sid:83512832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649731/; classtype:trojan-activity;sid:83512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649730)"; flow:established,from_client; content:"GET"; http_method; content:"/344/hkcmd.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.3.189.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649730/; classtype:trojan-activity;sid:83512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.254.57.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649729/; classtype:trojan-activity;sid:83512829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649728/; classtype:trojan-activity;sid:83512828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.145.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649727/; classtype:trojan-activity;sid:83512827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649726/; classtype:trojan-activity;sid:83512826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.78.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649725/; classtype:trojan-activity;sid:83512825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.64.15.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649724/; classtype:trojan-activity;sid:83512824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.181.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649723/; classtype:trojan-activity;sid:83512823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649722/; classtype:trojan-activity;sid:83512822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.241.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649719/; classtype:trojan-activity;sid:83512819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.48.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649720/; classtype:trojan-activity;sid:83512820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.178.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649721/; classtype:trojan-activity;sid:83512821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.173.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649718/; classtype:trojan-activity;sid:83512818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649717/; classtype:trojan-activity;sid:83512817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.213.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649716/; classtype:trojan-activity;sid:83512816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.30.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649715/; classtype:trojan-activity;sid:83512815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.181.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649714/; classtype:trojan-activity;sid:83512814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649713/; classtype:trojan-activity;sid:83512813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.100.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649711/; classtype:trojan-activity;sid:83512811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.53.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649712/; classtype:trojan-activity;sid:83512812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.169.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649710/; classtype:trojan-activity;sid:83512810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.219.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649709/; classtype:trojan-activity;sid:83512809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.167.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649707/; classtype:trojan-activity;sid:83512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.182.208.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649708/; classtype:trojan-activity;sid:83512808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.64.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649706/; classtype:trojan-activity;sid:83512806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.104.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649705/; classtype:trojan-activity;sid:83512805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.32.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649704/; classtype:trojan-activity;sid:83512804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.132.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649703/; classtype:trojan-activity;sid:83512803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.47.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649701/; classtype:trojan-activity;sid:83512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.66.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649702/; classtype:trojan-activity;sid:83512802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649699/; classtype:trojan-activity;sid:83512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649700/; classtype:trojan-activity;sid:83512800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.120.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649698/; classtype:trojan-activity;sid:83512798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.233.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649697/; classtype:trojan-activity;sid:83512797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649696/; classtype:trojan-activity;sid:83512796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649694/; classtype:trojan-activity;sid:83512794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.17.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649695/; classtype:trojan-activity;sid:83512795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649693/; classtype:trojan-activity;sid:83512793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.151.71.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649692/; classtype:trojan-activity;sid:83512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.146.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649691/; classtype:trojan-activity;sid:83512791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.173.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649690/; classtype:trojan-activity;sid:83512790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.234.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649689/; classtype:trojan-activity;sid:83512789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.14.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649688/; classtype:trojan-activity;sid:83512788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.47.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649687/; classtype:trojan-activity;sid:83512787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649685/; classtype:trojan-activity;sid:83512785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.213.63.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649686/; classtype:trojan-activity;sid:83512786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.7.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649684/; classtype:trojan-activity;sid:83512784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.155.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649683/; classtype:trojan-activity;sid:83512783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.209.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649682/; classtype:trojan-activity;sid:83512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.118.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649681/; classtype:trojan-activity;sid:83512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.180.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649680/; classtype:trojan-activity;sid:83512780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649679/; classtype:trojan-activity;sid:83512779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.129.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649678/; classtype:trojan-activity;sid:83512778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649677/; classtype:trojan-activity;sid:83512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.176.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649676/; classtype:trojan-activity;sid:83512776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.195.56.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649675/; classtype:trojan-activity;sid:83512775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.121.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649674/; classtype:trojan-activity;sid:83512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.14.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649673/; classtype:trojan-activity;sid:83512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.7.64.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649672/; classtype:trojan-activity;sid:83512772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.137.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649671/; classtype:trojan-activity;sid:83512771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.113.212.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649670/; classtype:trojan-activity;sid:83512770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.245.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649669/; classtype:trojan-activity;sid:83512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.14.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649668/; classtype:trojan-activity;sid:83512768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.173.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649667/; classtype:trojan-activity;sid:83512767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.72.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649666/; classtype:trojan-activity;sid:83512766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649665/; classtype:trojan-activity;sid:83512765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.182.197.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649664/; classtype:trojan-activity;sid:83512764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.42.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649662/; classtype:trojan-activity;sid:83512762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.232.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649663/; classtype:trojan-activity;sid:83512763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.161.218.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649661/; classtype:trojan-activity;sid:83512761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.208.88.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649660/; classtype:trojan-activity;sid:83512760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649659/; classtype:trojan-activity;sid:83512759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.249.176.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649658/; classtype:trojan-activity;sid:83512758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.15.89.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649657/; classtype:trojan-activity;sid:83512757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.71.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649656/; classtype:trojan-activity;sid:83512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.250.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649654/; classtype:trojan-activity;sid:83512754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649655/; classtype:trojan-activity;sid:83512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.30.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649653/; classtype:trojan-activity;sid:83512753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.174.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649651/; classtype:trojan-activity;sid:83512751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.112.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649652/; classtype:trojan-activity;sid:83512752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.138.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649650/; classtype:trojan-activity;sid:83512750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.89.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649649/; classtype:trojan-activity;sid:83512749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649648/; classtype:trojan-activity;sid:83512748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.242.243.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649647/; classtype:trojan-activity;sid:83512747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.235.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649646/; classtype:trojan-activity;sid:83512746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.56.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649645/; classtype:trojan-activity;sid:83512745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.250.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649644/; classtype:trojan-activity;sid:83512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649643/; classtype:trojan-activity;sid:83512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.138.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649642/; classtype:trojan-activity;sid:83512742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.43.164.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649641/; classtype:trojan-activity;sid:83512741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649638/; classtype:trojan-activity;sid:83512738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.127.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649639/; classtype:trojan-activity;sid:83512739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649640/; classtype:trojan-activity;sid:83512740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649637/; classtype:trojan-activity;sid:83512737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.187.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649636/; classtype:trojan-activity;sid:83512736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649635/; classtype:trojan-activity;sid:83512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649634/; classtype:trojan-activity;sid:83512734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.215.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649633/; classtype:trojan-activity;sid:83512733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.127.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649632/; classtype:trojan-activity;sid:83512732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.74.78.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649631/; classtype:trojan-activity;sid:83512731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.74.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649630/; classtype:trojan-activity;sid:83512730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649629/; classtype:trojan-activity;sid:83512729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.213.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649628/; classtype:trojan-activity;sid:83512728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.204.17.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649627/; classtype:trojan-activity;sid:83512727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.41.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649626/; classtype:trojan-activity;sid:83512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.103.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649625/; classtype:trojan-activity;sid:83512725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.235.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649624/; classtype:trojan-activity;sid:83512724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.43.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649623/; classtype:trojan-activity;sid:83512723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.173.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649622/; classtype:trojan-activity;sid:83512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.220.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649621/; classtype:trojan-activity;sid:83512721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649620/; classtype:trojan-activity;sid:83512720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.173.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649619/; classtype:trojan-activity;sid:83512719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.104.45.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649618/; classtype:trojan-activity;sid:83512718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.89.58.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649617/; classtype:trojan-activity;sid:83512717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.158.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649616/; classtype:trojan-activity;sid:83512716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.70.213.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649615/; classtype:trojan-activity;sid:83512715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.95.145.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649614/; classtype:trojan-activity;sid:83512714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649613/; classtype:trojan-activity;sid:83512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.172.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649612/; classtype:trojan-activity;sid:83512712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.73.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649611/; classtype:trojan-activity;sid:83512711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.150.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649610/; classtype:trojan-activity;sid:83512710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.243.160.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649609/; classtype:trojan-activity;sid:83512709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.248.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649608/; classtype:trojan-activity;sid:83512708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.20.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649607/; classtype:trojan-activity;sid:83512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.252.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649606/; classtype:trojan-activity;sid:83512706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.168.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649604/; classtype:trojan-activity;sid:83512704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.91.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649605/; classtype:trojan-activity;sid:83512705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.70.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649603/; classtype:trojan-activity;sid:83512703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.73.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649602/; classtype:trojan-activity;sid:83512702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.239.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649601/; classtype:trojan-activity;sid:83512701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.116.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649600/; classtype:trojan-activity;sid:83512700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.35.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649599/; classtype:trojan-activity;sid:83512699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.3.232.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649598/; classtype:trojan-activity;sid:83512698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.139.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649597/; classtype:trojan-activity;sid:83512697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.98.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649596/; classtype:trojan-activity;sid:83512696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649595/; classtype:trojan-activity;sid:83512695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649594/; classtype:trojan-activity;sid:83512694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.160.96.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649591/; classtype:trojan-activity;sid:83512691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.188.170.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649592/; classtype:trojan-activity;sid:83512692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.52.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649593/; classtype:trojan-activity;sid:83512693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649589/; classtype:trojan-activity;sid:83512689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.198.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649590/; classtype:trojan-activity;sid:83512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.110.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649588/; classtype:trojan-activity;sid:83512688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.89.39.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649587/; classtype:trojan-activity;sid:83512687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.81.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649586/; classtype:trojan-activity;sid:83512686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.17.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649585/; classtype:trojan-activity;sid:83512685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.172.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649583/; classtype:trojan-activity;sid:83512683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.23.22.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649584/; classtype:trojan-activity;sid:83512684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649582/; classtype:trojan-activity;sid:83512682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.211.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649581/; classtype:trojan-activity;sid:83512681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.199.189.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_02; reference:url, urlhaus.abuse.ch/url/2649580/; classtype:trojan-activity;sid:83512680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.52.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649579/; classtype:trojan-activity;sid:83512679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.180.106.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649578/; classtype:trojan-activity;sid:83512678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649577/; classtype:trojan-activity;sid:83512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.154.4.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649575/; classtype:trojan-activity;sid:83512675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.224.237.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649576/; classtype:trojan-activity;sid:83512676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.233.188.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649574/; classtype:trojan-activity;sid:83512674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.175.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649573/; classtype:trojan-activity;sid:83512673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.44.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649572/; classtype:trojan-activity;sid:83512672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.245.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649571/; classtype:trojan-activity;sid:83512671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.88.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649570/; classtype:trojan-activity;sid:83512670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649569/; classtype:trojan-activity;sid:83512669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.199.189.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649568/; classtype:trojan-activity;sid:83512668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.224.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649567/; classtype:trojan-activity;sid:83512667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.25.243.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649566/; classtype:trojan-activity;sid:83512666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.128.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649565/; classtype:trojan-activity;sid:83512665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.70.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649564/; classtype:trojan-activity;sid:83512664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.133.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649563/; classtype:trojan-activity;sid:83512663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.235.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649562/; classtype:trojan-activity;sid:83512662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.175.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649561/; classtype:trojan-activity;sid:83512661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.245.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649560/; classtype:trojan-activity;sid:83512660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.221.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649559/; classtype:trojan-activity;sid:83512659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.128.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649558/; classtype:trojan-activity;sid:83512658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.232.8.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649557/; classtype:trojan-activity;sid:83512657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.102.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649556/; classtype:trojan-activity;sid:83512656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.217.144.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649555/; classtype:trojan-activity;sid:83512655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.60.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649554/; classtype:trojan-activity;sid:83512654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.44.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649553/; classtype:trojan-activity;sid:83512653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.128.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649552/; classtype:trojan-activity;sid:83512652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.101.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649551/; classtype:trojan-activity;sid:83512651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.161.218.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649550/; classtype:trojan-activity;sid:83512650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.233.14.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649548/; classtype:trojan-activity;sid:83512648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.225.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649549/; classtype:trojan-activity;sid:83512649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.43.244.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649547/; classtype:trojan-activity;sid:83512647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.205.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649546/; classtype:trojan-activity;sid:83512646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.193.105.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649545/; classtype:trojan-activity;sid:83512645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.116.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649544/; classtype:trojan-activity;sid:83512644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649543/; classtype:trojan-activity;sid:83512643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.16.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649542/; classtype:trojan-activity;sid:83512642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.20.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649541/; classtype:trojan-activity;sid:83512641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.161.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649540/; classtype:trojan-activity;sid:83512640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.23.90.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649539/; classtype:trojan-activity;sid:83512639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.247.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649538/; classtype:trojan-activity;sid:83512638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.108.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649537/; classtype:trojan-activity;sid:83512637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.28.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649536/; classtype:trojan-activity;sid:83512636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.219.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649535/; classtype:trojan-activity;sid:83512635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.161.218.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649534/; classtype:trojan-activity;sid:83512634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.23.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649532/; classtype:trojan-activity;sid:83512632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.20.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649533/; classtype:trojan-activity;sid:83512633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.247.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649531/; classtype:trojan-activity;sid:83512631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.154.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649530/; classtype:trojan-activity;sid:83512630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.54.253.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649528/; classtype:trojan-activity;sid:83512628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.14.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649529/; classtype:trojan-activity;sid:83512629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.224.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649527/; classtype:trojan-activity;sid:83512627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.245.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649526/; classtype:trojan-activity;sid:83512626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.1.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649525/; classtype:trojan-activity;sid:83512625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649524/; classtype:trojan-activity;sid:83512624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.28.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649523/; classtype:trojan-activity;sid:83512623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.101.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649522/; classtype:trojan-activity;sid:83512622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.12.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649520/; classtype:trojan-activity;sid:83512620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.108.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649521/; classtype:trojan-activity;sid:83512621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.5.45.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649519/; classtype:trojan-activity;sid:83512619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.188.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649518/; classtype:trojan-activity;sid:83512618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649517)"; flow:established,from_client; content:"GET"; http_method; content:"/rsdadvvsvy/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bmkoin.ch"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649517/; classtype:trojan-activity;sid:83512617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649516)"; flow:established,from_client; content:"GET"; http_method; content:"/kqmnijnipa/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rosneft-armenia.am"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649516/; classtype:trojan-activity;sid:83512616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649515)"; flow:established,from_client; content:"GET"; http_method; content:"/jlvprqoyyh/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"alhoja.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649515/; classtype:trojan-activity;sid:83512615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649514)"; flow:established,from_client; content:"GET"; http_method; content:"/fzpxlhizxp/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"realizemyproject.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649514/; classtype:trojan-activity;sid:83512614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649512)"; flow:established,from_client; content:"GET"; http_method; content:"/jbtadmrmko/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"weboceantech.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649512/; classtype:trojan-activity;sid:83512612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649513)"; flow:established,from_client; content:"GET"; http_method; content:"/nhpybtfjnz/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sonictax.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649513/; classtype:trojan-activity;sid:83512613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649508)"; flow:established,from_client; content:"GET"; http_method; content:"/drhxrpuicl/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"spandhana.co.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649508/; classtype:trojan-activity;sid:83512608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649509)"; flow:established,from_client; content:"GET"; http_method; content:"/iuvgtrlpyv/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bmkoin.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649509/; classtype:trojan-activity;sid:83512609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649510)"; flow:established,from_client; content:"GET"; http_method; content:"/nmxvncowyb/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"skyline-solutions.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649510/; classtype:trojan-activity;sid:83512610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649511)"; flow:established,from_client; content:"GET"; http_method; content:"/ptstwupoul/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"promolaser.com.mx"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649511/; classtype:trojan-activity;sid:83512611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649505)"; flow:established,from_client; content:"GET"; http_method; content:"/iebcqyhjfa/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"assurancetp.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649505/; classtype:trojan-activity;sid:83512605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649506)"; flow:established,from_client; content:"GET"; http_method; content:"/nvwnotxwhi/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"espacoflora.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649506/; classtype:trojan-activity;sid:83512606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649507)"; flow:established,from_client; content:"GET"; http_method; content:"/kqqhgrymhg/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"masol.fr"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649507/; classtype:trojan-activity;sid:83512607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.33.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649504/; classtype:trojan-activity;sid:83512604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649502/; classtype:trojan-activity;sid:83512602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649503/; classtype:trojan-activity;sid:83512603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.172.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649500/; classtype:trojan-activity;sid:83512600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649501/; classtype:trojan-activity;sid:83512601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.245.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649499/; classtype:trojan-activity;sid:83512599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.12.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649498/; classtype:trojan-activity;sid:83512598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.224.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649497/; classtype:trojan-activity;sid:83512597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649496/; classtype:trojan-activity;sid:83512596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649495/; classtype:trojan-activity;sid:83512595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649494)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.228.198.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649494/; classtype:trojan-activity;sid:83512594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.109.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649493/; classtype:trojan-activity;sid:83512593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.52.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649492/; classtype:trojan-activity;sid:83512592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649491/; classtype:trojan-activity;sid:83512591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.114.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649489/; classtype:trojan-activity;sid:83512589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.114.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649490/; classtype:trojan-activity;sid:83512590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649488/; classtype:trojan-activity;sid:83512588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.132.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649487/; classtype:trojan-activity;sid:83512587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.5.45.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649486/; classtype:trojan-activity;sid:83512586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.177.128.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649485/; classtype:trojan-activity;sid:83512585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.177.218.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649484/; classtype:trojan-activity;sid:83512584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649483/; classtype:trojan-activity;sid:83512583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.105.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649482/; classtype:trojan-activity;sid:83512582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.61.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649481/; classtype:trojan-activity;sid:83512581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.198.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649480/; classtype:trojan-activity;sid:83512580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649479/; classtype:trojan-activity;sid:83512579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.217.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649478/; classtype:trojan-activity;sid:83512578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.178.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649476/; classtype:trojan-activity;sid:83512576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.17.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649477/; classtype:trojan-activity;sid:83512577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.132.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649475/; classtype:trojan-activity;sid:83512575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.154.142.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649474/; classtype:trojan-activity;sid:83512574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.20.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649473/; classtype:trojan-activity;sid:83512573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.202.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649472/; classtype:trojan-activity;sid:83512572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.213.179.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649470/; classtype:trojan-activity;sid:83512570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.25.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649471/; classtype:trojan-activity;sid:83512571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.102.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649469/; classtype:trojan-activity;sid:83512569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.182.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649468/; classtype:trojan-activity;sid:83512568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.229.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649466/; classtype:trojan-activity;sid:83512566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.92.213.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649467/; classtype:trojan-activity;sid:83512567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.13.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649462/; classtype:trojan-activity;sid:83512562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649463/; classtype:trojan-activity;sid:83512563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.151.123.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649464/; classtype:trojan-activity;sid:83512564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.188.224.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649465/; classtype:trojan-activity;sid:83512565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649461/; classtype:trojan-activity;sid:83512561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.93.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649460/; classtype:trojan-activity;sid:83512560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.226.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649459/; classtype:trojan-activity;sid:83512559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.27.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649458/; classtype:trojan-activity;sid:83512558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.94.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649457/; classtype:trojan-activity;sid:83512557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.174.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649456/; classtype:trojan-activity;sid:83512556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.72.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649455/; classtype:trojan-activity;sid:83512555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.198.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649454/; classtype:trojan-activity;sid:83512554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649453/; classtype:trojan-activity;sid:83512553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.223.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649452/; classtype:trojan-activity;sid:83512552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.229.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649451/; classtype:trojan-activity;sid:83512551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"207.210.26.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649450/; classtype:trojan-activity;sid:83512550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.226.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649449/; classtype:trojan-activity;sid:83512549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.232.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649448/; classtype:trojan-activity;sid:83512548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649447/; classtype:trojan-activity;sid:83512547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.61.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649446/; classtype:trojan-activity;sid:83512546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.239.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649444/; classtype:trojan-activity;sid:83512544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649445/; classtype:trojan-activity;sid:83512545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.169.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649443/; classtype:trojan-activity;sid:83512543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649442/; classtype:trojan-activity;sid:83512542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.109.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649441/; classtype:trojan-activity;sid:83512541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.32.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649439/; classtype:trojan-activity;sid:83512539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.103.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649440/; classtype:trojan-activity;sid:83512540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.231.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649438/; classtype:trojan-activity;sid:83512538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.188.209.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649437/; classtype:trojan-activity;sid:83512537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.218.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649436/; classtype:trojan-activity;sid:83512536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.72.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649435/; classtype:trojan-activity;sid:83512535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.67.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649434/; classtype:trojan-activity;sid:83512534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649431/; classtype:trojan-activity;sid:83512531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649432/; classtype:trojan-activity;sid:83512532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649433/; classtype:trojan-activity;sid:83512533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649430)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qhc5ls61"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649430/; classtype:trojan-activity;sid:83512530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.198.230.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649429/; classtype:trojan-activity;sid:83512529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.68.146.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649428/; classtype:trojan-activity;sid:83512528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649421)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649421/; classtype:trojan-activity;sid:83512521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649422/; classtype:trojan-activity;sid:83512522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649423)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649423/; classtype:trojan-activity;sid:83512523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649424)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649424/; classtype:trojan-activity;sid:83512524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649425)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649425/; classtype:trojan-activity;sid:83512525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649426/; classtype:trojan-activity;sid:83512526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.11.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649427/; classtype:trojan-activity;sid:83512527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649419/; classtype:trojan-activity;sid:83512519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649420/; classtype:trojan-activity;sid:83512520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.205.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649418/; classtype:trojan-activity;sid:83512518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.233.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649417/; classtype:trojan-activity;sid:83512517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.213.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649416/; classtype:trojan-activity;sid:83512516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.111.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649415/; classtype:trojan-activity;sid:83512515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.212.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649414/; classtype:trojan-activity;sid:83512514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.150.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649413/; classtype:trojan-activity;sid:83512513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.159.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649412/; classtype:trojan-activity;sid:83512512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.115.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649411/; classtype:trojan-activity;sid:83512511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.183.175.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649410/; classtype:trojan-activity;sid:83512510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.110.67.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649409/; classtype:trojan-activity;sid:83512509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.10.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649408/; classtype:trojan-activity;sid:83512508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.9.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649407/; classtype:trojan-activity;sid:83512507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.164.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649406/; classtype:trojan-activity;sid:83512506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649405/; classtype:trojan-activity;sid:83512505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649404/; classtype:trojan-activity;sid:83512504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.177.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649403/; classtype:trojan-activity;sid:83512503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649402)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vlc.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649402/; classtype:trojan-activity;sid:83512502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649401)"; flow:established,from_client; content:"GET"; http_method; content:"/iii/iiiiiiiiiiiiiii%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23iiiiii.doc"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"107.175.113.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649401/; classtype:trojan-activity;sid:83512501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649395)"; flow:established,from_client; content:"GET"; http_method; content:"/d/m.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649395/; classtype:trojan-activity;sid:83512495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649396)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ga.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649396/; classtype:trojan-activity;sid:83512496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649397)"; flow:established,from_client; content:"GET"; http_method; content:"/d/nano.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649397/; classtype:trojan-activity;sid:83512497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649398)"; flow:established,from_client; content:"GET"; http_method; content:"/d/dll.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649398/; classtype:trojan-activity;sid:83512498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649399)"; flow:established,from_client; content:"GET"; http_method; content:"/d/fara.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649399/; classtype:trojan-activity;sid:83512499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649400)"; flow:established,from_client; content:"GET"; http_method; content:"/d/seadorf.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649400/; classtype:trojan-activity;sid:83512500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.163.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649394/; classtype:trojan-activity;sid:83512494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.149.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649393/; classtype:trojan-activity;sid:83512493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649392/; classtype:trojan-activity;sid:83512492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.44.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649391/; classtype:trojan-activity;sid:83512491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.67.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649390/; classtype:trojan-activity;sid:83512490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649389)"; flow:established,from_client; content:"GET"; http_method; content:"/jsdvzhvxnbzczvbzvc.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"195.178.120.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649389/; classtype:trojan-activity;sid:83512489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649388/; classtype:trojan-activity;sid:83512488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.219.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649387/; classtype:trojan-activity;sid:83512487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649386/; classtype:trojan-activity;sid:83512486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649385)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mapla.com.mx"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649385/; classtype:trojan-activity;sid:83512485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649384)"; flow:established,from_client; content:"GET"; http_method; content:"/sort/chat-gpt.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"downchatgpt.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649384/; classtype:trojan-activity;sid:83512484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649383)"; flow:established,from_client; content:"GET"; http_method; content:"/cnyxxbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"elpyldry.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649383/; classtype:trojan-activity;sid:83512483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649382)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"98.159.100.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649382/; classtype:trojan-activity;sid:83512482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649381)"; flow:established,from_client; content:"GET"; http_method; content:"/32/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.230.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649381/; classtype:trojan-activity;sid:83512481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649380)"; flow:established,from_client; content:"GET"; http_method; content:"/iii/iiiiiiiiiiiiiiiiiiiiiiii%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23iiiiiiiiiiiiiiiiiiiiii.doc"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"45.66.230.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649380/; classtype:trojan-activity;sid:83512480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.254.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649378/; classtype:trojan-activity;sid:83512478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.83.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649379/; classtype:trojan-activity;sid:83512479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.117.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649377/; classtype:trojan-activity;sid:83512477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649376)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1113841012108972094/1113841203293728870/password_2022_installer.rar"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649376/; classtype:trojan-activity;sid:83512476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.253.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649375/; classtype:trojan-activity;sid:83512475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.246.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649374/; classtype:trojan-activity;sid:83512474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.66.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649373/; classtype:trojan-activity;sid:83512473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.189.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649372/; classtype:trojan-activity;sid:83512472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.148.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649371/; classtype:trojan-activity;sid:83512471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.163.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649370/; classtype:trojan-activity;sid:83512470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649368)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.107.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649368/; classtype:trojan-activity;sid:83512468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649369)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"91.107.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649369/; classtype:trojan-activity;sid:83512469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649363)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.107.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649363/; classtype:trojan-activity;sid:83512463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649364)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.107.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649364/; classtype:trojan-activity;sid:83512464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649365)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"91.107.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649365/; classtype:trojan-activity;sid:83512465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649366)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.107.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649366/; classtype:trojan-activity;sid:83512466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649367)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.107.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649367/; classtype:trojan-activity;sid:83512467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.93.3.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649362/; classtype:trojan-activity;sid:83512462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649361)"; flow:established,from_client; content:"GET"; http_method; content:"/b66ssc.dotm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.107.210.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649361/; classtype:trojan-activity;sid:83512461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.130.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649360/; classtype:trojan-activity;sid:83512460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.135.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649359/; classtype:trojan-activity;sid:83512459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.19.250.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649358/; classtype:trojan-activity;sid:83512458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tinytask.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.107.210.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649357/; classtype:trojan-activity;sid:83512457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.219.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649356/; classtype:trojan-activity;sid:83512456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.239.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649355/; classtype:trojan-activity;sid:83512455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649354)"; flow:established,from_client; content:"GET"; http_method; content:"/izryjrhasj/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ecceworldconference.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649354/; classtype:trojan-activity;sid:83512454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649353)"; flow:established,from_client; content:"GET"; http_method; content:"/rthfshoblq/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"desireautoservices.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649353/; classtype:trojan-activity;sid:83512453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649351)"; flow:established,from_client; content:"GET"; http_method; content:"/mxctojjoxa/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"abrechadacasa.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649351/; classtype:trojan-activity;sid:83512451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649352)"; flow:established,from_client; content:"GET"; http_method; content:"/swnmjiyylk/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"biocretebags.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649352/; classtype:trojan-activity;sid:83512452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649349)"; flow:established,from_client; content:"GET"; http_method; content:"/mumkwxadec/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"promoverte.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649349/; classtype:trojan-activity;sid:83512449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649350)"; flow:established,from_client; content:"GET"; http_method; content:"/xedvpqhvdr/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"trustmeemily.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649350/; classtype:trojan-activity;sid:83512450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.160.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649348/; classtype:trojan-activity;sid:83512448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.228.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649347/; classtype:trojan-activity;sid:83512447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.161.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649346/; classtype:trojan-activity;sid:83512446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.10.3.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649345/; classtype:trojan-activity;sid:83512445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.102.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649344/; classtype:trojan-activity;sid:83512444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.228.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649343/; classtype:trojan-activity;sid:83512443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.234.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649342/; classtype:trojan-activity;sid:83512442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.95.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649341/; classtype:trojan-activity;sid:83512441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.124.165.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649340/; classtype:trojan-activity;sid:83512440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649338/; classtype:trojan-activity;sid:83512438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.12.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649339/; classtype:trojan-activity;sid:83512439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.52.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649337/; classtype:trojan-activity;sid:83512437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.207.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649336/; classtype:trojan-activity;sid:83512436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.225.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649335/; classtype:trojan-activity;sid:83512435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.161.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649334/; classtype:trojan-activity;sid:83512434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.245.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649333/; classtype:trojan-activity;sid:83512433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.108.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649332/; classtype:trojan-activity;sid:83512432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.232.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649331/; classtype:trojan-activity;sid:83512431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.180.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649330/; classtype:trojan-activity;sid:83512430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.80.4.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649329/; classtype:trojan-activity;sid:83512429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.89.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649328/; classtype:trojan-activity;sid:83512428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.108.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649327/; classtype:trojan-activity;sid:83512427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.73.7.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649326/; classtype:trojan-activity;sid:83512426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649325/; classtype:trojan-activity;sid:83512425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"172.36.11.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649324/; classtype:trojan-activity;sid:83512424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649323/; classtype:trojan-activity;sid:83512423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.245.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649322/; classtype:trojan-activity;sid:83512422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649321/; classtype:trojan-activity;sid:83512421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649320/; classtype:trojan-activity;sid:83512420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.40.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649319/; classtype:trojan-activity;sid:83512419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.131.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649318/; classtype:trojan-activity;sid:83512418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649317/; classtype:trojan-activity;sid:83512417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649316)"; flow:established,from_client; content:"GET"; http_method; content:"/86.nn"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.234.237.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649316/; classtype:trojan-activity;sid:83512416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.183.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649315/; classtype:trojan-activity;sid:83512415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.202.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649314/; classtype:trojan-activity;sid:83512414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649313/; classtype:trojan-activity;sid:83512413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.25.134.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649312/; classtype:trojan-activity;sid:83512412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.105.212.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649311/; classtype:trojan-activity;sid:83512411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649310)"; flow:established,from_client; content:"GET"; http_method; content:"/hkl.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"109.206.240.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649310/; classtype:trojan-activity;sid:83512410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.85.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649309/; classtype:trojan-activity;sid:83512409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.172.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649308/; classtype:trojan-activity;sid:83512408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649307/; classtype:trojan-activity;sid:83512407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.202.194.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649306/; classtype:trojan-activity;sid:83512406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649305/; classtype:trojan-activity;sid:83512405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.254.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649304/; classtype:trojan-activity;sid:83512404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.215.176.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649303/; classtype:trojan-activity;sid:83512403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.210.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649302/; classtype:trojan-activity;sid:83512402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.131.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649301/; classtype:trojan-activity;sid:83512401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.106.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649300/; classtype:trojan-activity;sid:83512400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.79.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649299/; classtype:trojan-activity;sid:83512399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.210.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649298/; classtype:trojan-activity;sid:83512398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.209.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649297/; classtype:trojan-activity;sid:83512397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649296/; classtype:trojan-activity;sid:83512396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.22.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649295/; classtype:trojan-activity;sid:83512395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.171.120.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649294/; classtype:trojan-activity;sid:83512394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.165.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649293/; classtype:trojan-activity;sid:83512393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.89.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649292/; classtype:trojan-activity;sid:83512392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649291)"; flow:established,from_client; content:"GET"; http_method; content:"/ed/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"al-munawara.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649291/; classtype:trojan-activity;sid:83512391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649289)"; flow:established,from_client; content:"GET"; http_method; content:"/eao/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"leepebitz.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649289/; classtype:trojan-activity;sid:83512389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649290)"; flow:established,from_client; content:"GET"; http_method; content:"/bup/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"peasx.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649290/; classtype:trojan-activity;sid:83512390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649288)"; flow:established,from_client; content:"GET"; http_method; content:"/accn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"itacr.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649288/; classtype:trojan-activity;sid:83512388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649286)"; flow:established,from_client; content:"GET"; http_method; content:"/liee/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sumeetgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649286/; classtype:trojan-activity;sid:83512386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649287)"; flow:established,from_client; content:"GET"; http_method; content:"/os/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"testsieger-online.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649287/; classtype:trojan-activity;sid:83512387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649284)"; flow:established,from_client; content:"GET"; http_method; content:"/le/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"newbeginningsshc.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649284/; classtype:trojan-activity;sid:83512384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649285)"; flow:established,from_client; content:"GET"; http_method; content:"/ifoe/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"velstenapparel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649285/; classtype:trojan-activity;sid:83512385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649282)"; flow:established,from_client; content:"GET"; http_method; content:"/tnne/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hecfexpo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649282/; classtype:trojan-activity;sid:83512382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649283)"; flow:established,from_client; content:"GET"; http_method; content:"/ve/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ilnadir.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649283/; classtype:trojan-activity;sid:83512383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649279)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"melaniegowen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649279/; classtype:trojan-activity;sid:83512379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649280)"; flow:established,from_client; content:"GET"; http_method; content:"/elvq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"frey2.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649280/; classtype:trojan-activity;sid:83512380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649281)"; flow:established,from_client; content:"GET"; http_method; content:"/ts/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"noor786110.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649281/; classtype:trojan-activity;sid:83512381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649273)"; flow:established,from_client; content:"GET"; http_method; content:"/lvle/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"chinformatique-dz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649273/; classtype:trojan-activity;sid:83512373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqbl/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tenants.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649274/; classtype:trojan-activity;sid:83512374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649275)"; flow:established,from_client; content:"GET"; http_method; content:"/lvot/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"batsamco.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649275/; classtype:trojan-activity;sid:83512375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649276)"; flow:established,from_client; content:"GET"; http_method; content:"/sese/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gawahweekly.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649276/; classtype:trojan-activity;sid:83512376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649277)"; flow:established,from_client; content:"GET"; http_method; content:"/vedu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cgscoaching.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649277/; classtype:trojan-activity;sid:83512377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649278)"; flow:established,from_client; content:"GET"; http_method; content:"/qlsi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"patmypets.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649278/; classtype:trojan-activity;sid:83512378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649266)"; flow:established,from_client; content:"GET"; http_method; content:"/nne/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"acutweb.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649266/; classtype:trojan-activity;sid:83512366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649267)"; flow:established,from_client; content:"GET"; http_method; content:"/euit/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"launchfxm.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649267/; classtype:trojan-activity;sid:83512367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649268)"; flow:established,from_client; content:"GET"; http_method; content:"/cti/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"quranforkids.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649268/; classtype:trojan-activity;sid:83512368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649269)"; flow:established,from_client; content:"GET"; http_method; content:"/iqaq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cutacut.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649269/; classtype:trojan-activity;sid:83512369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649270)"; flow:established,from_client; content:"GET"; http_method; content:"/pt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"goromgorom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649270/; classtype:trojan-activity;sid:83512370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649271)"; flow:established,from_client; content:"GET"; http_method; content:"/pot/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vdtlte.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649271/; classtype:trojan-activity;sid:83512371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649272)"; flow:established,from_client; content:"GET"; http_method; content:"/cue/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shilhaandara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649272/; classtype:trojan-activity;sid:83512372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649263)"; flow:established,from_client; content:"GET"; http_method; content:"/srnl/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"recrealtor.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649263/; classtype:trojan-activity;sid:83512363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649264)"; flow:established,from_client; content:"GET"; http_method; content:"/ied/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"eagleuhd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649264/; classtype:trojan-activity;sid:83512364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649265)"; flow:established,from_client; content:"GET"; http_method; content:"/assu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mszjapan.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649265/; classtype:trojan-activity;sid:83512365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649259)"; flow:established,from_client; content:"GET"; http_method; content:"/urro/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"exoticoo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649259/; classtype:trojan-activity;sid:83512359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649260)"; flow:established,from_client; content:"GET"; http_method; content:"/tete/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"guillesa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649260/; classtype:trojan-activity;sid:83512360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649261)"; flow:established,from_client; content:"GET"; http_method; content:"/dit/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kandnsrecipecenter.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649261/; classtype:trojan-activity;sid:83512361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649262)"; flow:established,from_client; content:"GET"; http_method; content:"/amm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safrat-alriyadh.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649262/; classtype:trojan-activity;sid:83512362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649258)"; flow:established,from_client; content:"GET"; http_method; content:"/to/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tyrehouse.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649258/; classtype:trojan-activity;sid:83512358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649256)"; flow:established,from_client; content:"GET"; http_method; content:"/rt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"alnashe-trucks.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649256/; classtype:trojan-activity;sid:83512356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649257)"; flow:established,from_client; content:"GET"; http_method; content:"/dlio/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"irembo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649257/; classtype:trojan-activity;sid:83512357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649252)"; flow:established,from_client; content:"GET"; http_method; content:"/pmos/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"osttbrokeragellc.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649252/; classtype:trojan-activity;sid:83512352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649253)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jbsacademy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649253/; classtype:trojan-activity;sid:83512353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649254)"; flow:established,from_client; content:"GET"; http_method; content:"/uca/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nafeescables.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649254/; classtype:trojan-activity;sid:83512354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649255)"; flow:established,from_client; content:"GET"; http_method; content:"/erso/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jacksonkatz.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649255/; classtype:trojan-activity;sid:83512355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649251)"; flow:established,from_client; content:"GET"; http_method; content:"/amuo/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ecotasar.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649251/; classtype:trojan-activity;sid:83512351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649240)"; flow:established,from_client; content:"GET"; http_method; content:"/as/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wkkengineering.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649240/; classtype:trojan-activity;sid:83512340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649241)"; flow:established,from_client; content:"GET"; http_method; content:"/ut/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"basenaija.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649241/; classtype:trojan-activity;sid:83512341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649242)"; flow:established,from_client; content:"GET"; http_method; content:"/uamn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"portmapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649242/; classtype:trojan-activity;sid:83512342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649243)"; flow:established,from_client; content:"GET"; http_method; content:"/viie/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fdviral.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649243/; classtype:trojan-activity;sid:83512343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649244)"; flow:established,from_client; content:"GET"; http_method; content:"/at/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ihubtalent.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649244/; classtype:trojan-activity;sid:83512344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649245)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"curemedicals.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649245/; classtype:trojan-activity;sid:83512345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649246)"; flow:established,from_client; content:"GET"; http_method; content:"/po/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wiztecbd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649246/; classtype:trojan-activity;sid:83512346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649247)"; flow:established,from_client; content:"GET"; http_method; content:"/ihiu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"allpinless.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649247/; classtype:trojan-activity;sid:83512347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649248)"; flow:established,from_client; content:"GET"; http_method; content:"/uc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sudaksha.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649248/; classtype:trojan-activity;sid:83512348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649249)"; flow:established,from_client; content:"GET"; http_method; content:"/dne/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"centralvalleylaw.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649249/; classtype:trojan-activity;sid:83512349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649250)"; flow:established,from_client; content:"GET"; http_method; content:"/iua/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hurghadamuseum.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649250/; classtype:trojan-activity;sid:83512350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649229)"; flow:established,from_client; content:"GET"; http_method; content:"/iuu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fahmy-group.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649229/; classtype:trojan-activity;sid:83512329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649230)"; flow:established,from_client; content:"GET"; http_method; content:"/ino/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"modernprecast.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649230/; classtype:trojan-activity;sid:83512330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649231)"; flow:established,from_client; content:"GET"; http_method; content:"/leul/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fatonmustafi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649231/; classtype:trojan-activity;sid:83512331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649232)"; flow:established,from_client; content:"GET"; http_method; content:"/set/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"reposebay.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649232/; classtype:trojan-activity;sid:83512332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649233)"; flow:established,from_client; content:"GET"; http_method; content:"/olup/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nidanhospital.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649233/; classtype:trojan-activity;sid:83512333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649234)"; flow:established,from_client; content:"GET"; http_method; content:"/emse/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"massive-electronics.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649234/; classtype:trojan-activity;sid:83512334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649235)"; flow:established,from_client; content:"GET"; http_method; content:"/nl/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ejbreneman.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649235/; classtype:trojan-activity;sid:83512335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649236)"; flow:established,from_client; content:"GET"; http_method; content:"/no/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"indianrobostore.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649236/; classtype:trojan-activity;sid:83512336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649237)"; flow:established,from_client; content:"GET"; http_method; content:"/equ/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"daralhemaya.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649237/; classtype:trojan-activity;sid:83512337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649238)"; flow:established,from_client; content:"GET"; http_method; content:"/oes/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bibianos.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649238/; classtype:trojan-activity;sid:83512338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649239)"; flow:established,from_client; content:"GET"; http_method; content:"/ises/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"samaafm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649239/; classtype:trojan-activity;sid:83512339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649228)"; flow:established,from_client; content:"GET"; http_method; content:"/ae/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vainavitechnologies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649228/; classtype:trojan-activity;sid:83512328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649227/; classtype:trojan-activity;sid:83512327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.230.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649226/; classtype:trojan-activity;sid:83512326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.163.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649225/; classtype:trojan-activity;sid:83512325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.134.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649223/; classtype:trojan-activity;sid:83512323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649224/; classtype:trojan-activity;sid:83512324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.146.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649222/; classtype:trojan-activity;sid:83512322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.72.91.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649221/; classtype:trojan-activity;sid:83512321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.68.100.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649220/; classtype:trojan-activity;sid:83512320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.108.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649219/; classtype:trojan-activity;sid:83512319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649214)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649214/; classtype:trojan-activity;sid:83512314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649215)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649215/; classtype:trojan-activity;sid:83512315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649216)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649216/; classtype:trojan-activity;sid:83512316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649217)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649217/; classtype:trojan-activity;sid:83512317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649218)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649218/; classtype:trojan-activity;sid:83512318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649208)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649208/; classtype:trojan-activity;sid:83512308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649209)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649209/; classtype:trojan-activity;sid:83512309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649210)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649210/; classtype:trojan-activity;sid:83512310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649211)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649211/; classtype:trojan-activity;sid:83512311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649212)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649212/; classtype:trojan-activity;sid:83512312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649213)"; flow:established,from_client; content:"GET"; http_method; content:"/where/botx.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"108.61.211.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649213/; classtype:trojan-activity;sid:83512313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.100.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649207/; classtype:trojan-activity;sid:83512307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.139.181.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649206/; classtype:trojan-activity;sid:83512306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649205/; classtype:trojan-activity;sid:83512305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.115.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649204/; classtype:trojan-activity;sid:83512304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.240.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649203/; classtype:trojan-activity;sid:83512303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649202)"; flow:established,from_client; content:"GET"; http_method; content:"/ppdeqzaqjw/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kemenpppa.go.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649202/; classtype:trojan-activity;sid:83512302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649199)"; flow:established,from_client; content:"GET"; http_method; content:"/jhdnpqwzxr/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"monicacruz.com.co"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649199/; classtype:trojan-activity;sid:83512299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649200)"; flow:established,from_client; content:"GET"; http_method; content:"/twqvsmjjms/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"solucionarimoveis.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649200/; classtype:trojan-activity;sid:83512300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649201)"; flow:established,from_client; content:"GET"; http_method; content:"/jjpevrsmet/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"desireautoservice.ae"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649201/; classtype:trojan-activity;sid:83512301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649198)"; flow:established,from_client; content:"GET"; http_method; content:"/jgjbaamvgg/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"assurancebtp.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649198/; classtype:trojan-activity;sid:83512298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.214.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649197/; classtype:trojan-activity;sid:83512297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649196/; classtype:trojan-activity;sid:83512296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.39.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649195/; classtype:trojan-activity;sid:83512295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.202.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649194/; classtype:trojan-activity;sid:83512294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.118.101.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649192/; classtype:trojan-activity;sid:83512292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.224.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649193/; classtype:trojan-activity;sid:83512293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.50.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649191/; classtype:trojan-activity;sid:83512291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649190)"; flow:established,from_client; content:"GET"; http_method; content:"/ouasas.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"88.119.168.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649190/; classtype:trojan-activity;sid:83512290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"45.95.169.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649189/; classtype:trojan-activity;sid:83512289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649187)"; flow:established,from_client; content:"GET"; http_method; content:"/bbvabbva.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.66.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649187/; classtype:trojan-activity;sid:83512287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649188)"; flow:established,from_client; content:"GET"; http_method; content:"/dlink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.87.154.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649188/; classtype:trojan-activity;sid:83512288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649186)"; flow:established,from_client; content:"GET"; http_method; content:"/nxver.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649186/; classtype:trojan-activity;sid:83512286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649185)"; flow:established,from_client; content:"GET"; http_method; content:"/1/77.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"polushka.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649185/; classtype:trojan-activity;sid:83512285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649184)"; flow:established,from_client; content:"GET"; http_method; content:"/y"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.211.252.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649184/; classtype:trojan-activity;sid:83512284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.89.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649183/; classtype:trojan-activity;sid:83512283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649182/; classtype:trojan-activity;sid:83512282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649181/; classtype:trojan-activity;sid:83512281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.218.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649180/; classtype:trojan-activity;sid:83512280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649179)"; flow:established,from_client; content:"GET"; http_method; content:"/nthnhildnh/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yallanzakeronline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649179/; classtype:trojan-activity;sid:83512279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649177)"; flow:established,from_client; content:"GET"; http_method; content:"/ltmunshgsp/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ritus.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649177/; classtype:trojan-activity;sid:83512277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649178)"; flow:established,from_client; content:"GET"; http_method; content:"/gdelawvxwq/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"artejoy.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649178/; classtype:trojan-activity;sid:83512278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649175)"; flow:established,from_client; content:"GET"; http_method; content:"/jnrjghovih/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"royalbeirutkw.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649175/; classtype:trojan-activity;sid:83512275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649176)"; flow:established,from_client; content:"GET"; http_method; content:"/oalzmwupcx/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"payondego.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649176/; classtype:trojan-activity;sid:83512276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649174)"; flow:established,from_client; content:"GET"; http_method; content:"/awolznfmdr/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ossuniao.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649174/; classtype:trojan-activity;sid:83512274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649173)"; flow:established,from_client; content:"GET"; http_method; content:"/fyvhagbath/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wpbatch9.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649173/; classtype:trojan-activity;sid:83512273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649171)"; flow:established,from_client; content:"GET"; http_method; content:"/nhvihlwtjd/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"especialistadamente.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649171/; classtype:trojan-activity;sid:83512271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649172)"; flow:established,from_client; content:"GET"; http_method; content:"/ojrajwqxwc/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"homtex.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649172/; classtype:trojan-activity;sid:83512272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649170)"; flow:established,from_client; content:"GET"; http_method; content:"/wayqirsetv/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"agraartandcraft.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649170/; classtype:trojan-activity;sid:83512270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649168)"; flow:established,from_client; content:"GET"; http_method; content:"/jhgtfwtewo/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"shemis.co"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649168/; classtype:trojan-activity;sid:83512268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649169)"; flow:established,from_client; content:"GET"; http_method; content:"/cxczputnzi/rentfree.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tessacharpentier.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649169/; classtype:trojan-activity;sid:83512269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.31.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649167/; classtype:trojan-activity;sid:83512267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.31.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649166/; classtype:trojan-activity;sid:83512266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.200.250.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649165/; classtype:trojan-activity;sid:83512265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649164/; classtype:trojan-activity;sid:83512264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649160/; classtype:trojan-activity;sid:83512260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649161/; classtype:trojan-activity;sid:83512261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649162/; classtype:trojan-activity;sid:83512262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649163/; classtype:trojan-activity;sid:83512263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649156/; classtype:trojan-activity;sid:83512256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649157/; classtype:trojan-activity;sid:83512257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649158)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649158/; classtype:trojan-activity;sid:83512258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649159/; classtype:trojan-activity;sid:83512259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649153)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649153/; classtype:trojan-activity;sid:83512253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649154/; classtype:trojan-activity;sid:83512254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.110.49.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649155/; classtype:trojan-activity;sid:83512255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649152/; classtype:trojan-activity;sid:83512252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.200.250.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649151/; classtype:trojan-activity;sid:83512251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649150/; classtype:trojan-activity;sid:83512250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.255.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649149/; classtype:trojan-activity;sid:83512249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649148/; classtype:trojan-activity;sid:83512248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.47.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649147/; classtype:trojan-activity;sid:83512247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.16.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649146/; classtype:trojan-activity;sid:83512246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.171.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649145/; classtype:trojan-activity;sid:83512245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.52.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649144/; classtype:trojan-activity;sid:83512244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649143/; classtype:trojan-activity;sid:83512243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649142)"; flow:established,from_client; content:"GET"; http_method; content:"/xmeyuqpuid/xmeyuqpuid.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"afiadv.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649142/; classtype:trojan-activity;sid:83512242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.37.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649141/; classtype:trojan-activity;sid:83512241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.2.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649140/; classtype:trojan-activity;sid:83512240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.144.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649139/; classtype:trojan-activity;sid:83512239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649138)"; flow:established,from_client; content:"GET"; http_method; content:"/xmeyuqpuid/rentfree1.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"afiadv.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649138/; classtype:trojan-activity;sid:83512238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.252.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649137/; classtype:trojan-activity;sid:83512237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649136)"; flow:established,from_client; content:"GET"; http_method; content:"/r8jtup.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"garokelka.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649136/; classtype:trojan-activity;sid:83512236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649133)"; flow:established,from_client; content:"GET"; http_method; content:"/fy5jsi.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"koriska.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649133/; classtype:trojan-activity;sid:83512233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649134)"; flow:established,from_client; content:"GET"; http_method; content:"/m9bbkl.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tofinka.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649134/; classtype:trojan-activity;sid:83512234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649135)"; flow:established,from_client; content:"GET"; http_method; content:"/7ygrkx.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lakirasa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649135/; classtype:trojan-activity;sid:83512235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649131)"; flow:established,from_client; content:"GET"; http_method; content:"/9oar6p.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"retrenia.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649131/; classtype:trojan-activity;sid:83512231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649132)"; flow:established,from_client; content:"GET"; http_method; content:"/cw3mfy.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gurakis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649132/; classtype:trojan-activity;sid:83512232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.44.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649129/; classtype:trojan-activity;sid:83512229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.239.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649128/; classtype:trojan-activity;sid:83512228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.169.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649124/; classtype:trojan-activity;sid:83512224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.166.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649125/; classtype:trojan-activity;sid:83512225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.225.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649126/; classtype:trojan-activity;sid:83512226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.203.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649127/; classtype:trojan-activity;sid:83512227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.36.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649123/; classtype:trojan-activity;sid:83512223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.251.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649122/; classtype:trojan-activity;sid:83512222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.247.86.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649121/; classtype:trojan-activity;sid:83512221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.66.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649120/; classtype:trojan-activity;sid:83512220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649119/; classtype:trojan-activity;sid:83512219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649118)"; flow:established,from_client; content:"GET"; http_method; content:"/second.dll"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.241.17.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649118/; classtype:trojan-activity;sid:83512218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.137.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649117/; classtype:trojan-activity;sid:83512217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.108.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649116/; classtype:trojan-activity;sid:83512216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649115)"; flow:established,from_client; content:"GET"; http_method; content:"/48/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.14.224.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649115/; classtype:trojan-activity;sid:83512215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649114)"; flow:established,from_client; content:"GET"; http_method; content:"/agodzx.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649114/; classtype:trojan-activity;sid:83512214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649113)"; flow:established,from_client; content:"GET"; http_method; content:"/10783____/smss.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.221.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649113/; classtype:trojan-activity;sid:83512213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.252.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649112/; classtype:trojan-activity;sid:83512212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.170.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649111/; classtype:trojan-activity;sid:83512211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.113.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649109/; classtype:trojan-activity;sid:83512209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.233.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649110/; classtype:trojan-activity;sid:83512210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.100.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649108/; classtype:trojan-activity;sid:83512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.2.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649107/; classtype:trojan-activity;sid:83512207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.105.105.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649106/; classtype:trojan-activity;sid:83512206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.240.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649104/; classtype:trojan-activity;sid:83512204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.136.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649105/; classtype:trojan-activity;sid:83512205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649102)"; flow:established,from_client; content:"GET"; http_method; content:"/jadpxzl/d715"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.236.9.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649102/; classtype:trojan-activity;sid:83512202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649103)"; flow:established,from_client; content:"GET"; http_method; content:"/etsdn/d715"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.236.9.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649103/; classtype:trojan-activity;sid:83512203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649101)"; flow:established,from_client; content:"GET"; http_method; content:"/05iei/d715"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.236.14.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649101/; classtype:trojan-activity;sid:83512201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.24.168.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649100/; classtype:trojan-activity;sid:83512200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.224.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649099/; classtype:trojan-activity;sid:83512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.148.119.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649098/; classtype:trojan-activity;sid:83512198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649097/; classtype:trojan-activity;sid:83512197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.100.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649096/; classtype:trojan-activity;sid:83512196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.41.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649095/; classtype:trojan-activity;sid:83512195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.192.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649094/; classtype:trojan-activity;sid:83512194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649093)"; flow:established,from_client; content:"GET"; http_method; content:"/ccs/pcz.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.246.222.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649093/; classtype:trojan-activity;sid:83512193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.148.119.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649092/; classtype:trojan-activity;sid:83512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.72.219.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649091/; classtype:trojan-activity;sid:83512191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.189.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649090/; classtype:trojan-activity;sid:83512190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.173.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649088/; classtype:trojan-activity;sid:83512188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.61.158.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649089/; classtype:trojan-activity;sid:83512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649086/; classtype:trojan-activity;sid:83512186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.171.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649087/; classtype:trojan-activity;sid:83512187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649085)"; flow:established,from_client; content:"GET"; http_method; content:"/oo/oioioioioioio%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23oioioioi.doc"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"149.248.54.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649085/; classtype:trojan-activity;sid:83512185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.87.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649084/; classtype:trojan-activity;sid:83512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.41.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649083/; classtype:trojan-activity;sid:83512183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.209.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649082/; classtype:trojan-activity;sid:83512182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.162.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649081/; classtype:trojan-activity;sid:83512181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.250.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649080/; classtype:trojan-activity;sid:83512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.155.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649079/; classtype:trojan-activity;sid:83512179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.2.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649078/; classtype:trojan-activity;sid:83512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.210.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649077/; classtype:trojan-activity;sid:83512177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.172.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649076/; classtype:trojan-activity;sid:83512176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.167.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649075/; classtype:trojan-activity;sid:83512175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649074/; classtype:trojan-activity;sid:83512174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649072/; classtype:trojan-activity;sid:83512172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649073/; classtype:trojan-activity;sid:83512173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649071)"; flow:established,from_client; content:"GET"; http_method; content:"/qt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"edumontonline.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649071/; classtype:trojan-activity;sid:83512171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649070)"; flow:established,from_client; content:"GET"; http_method; content:"/sl/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sherwoodsproperty.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649070/; classtype:trojan-activity;sid:83512170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.231.192.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649069/; classtype:trojan-activity;sid:83512169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.87.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649068/; classtype:trojan-activity;sid:83512168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.115.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649067/; classtype:trojan-activity;sid:83512167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.104.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649066/; classtype:trojan-activity;sid:83512166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.158.232.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649065/; classtype:trojan-activity;sid:83512165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.9.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649064/; classtype:trojan-activity;sid:83512164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.234.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649063/; classtype:trojan-activity;sid:83512163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649062/; classtype:trojan-activity;sid:83512162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.167.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649061/; classtype:trojan-activity;sid:83512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.78.165.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649060/; classtype:trojan-activity;sid:83512160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.195.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649059/; classtype:trojan-activity;sid:83512159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.70.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649058/; classtype:trojan-activity;sid:83512158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649057)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.227.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649057/; classtype:trojan-activity;sid:83512157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.66.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649056/; classtype:trojan-activity;sid:83512156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649055/; classtype:trojan-activity;sid:83512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.103.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649054/; classtype:trojan-activity;sid:83512154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.197.189.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649053/; classtype:trojan-activity;sid:83512153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.142.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649052/; classtype:trojan-activity;sid:83512152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.64.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649051/; classtype:trojan-activity;sid:83512151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.66.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649050/; classtype:trojan-activity;sid:83512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.150.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649049/; classtype:trojan-activity;sid:83512149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.117.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649047/; classtype:trojan-activity;sid:83512147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.120.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649048/; classtype:trojan-activity;sid:83512148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.206.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649046/; classtype:trojan-activity;sid:83512146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.235.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649045/; classtype:trojan-activity;sid:83512145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.105.25.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649044/; classtype:trojan-activity;sid:83512144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.158.232.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649043/; classtype:trojan-activity;sid:83512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.238.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649042/; classtype:trojan-activity;sid:83512142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.167.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649041/; classtype:trojan-activity;sid:83512141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.25.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649040/; classtype:trojan-activity;sid:83512140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.201.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649039/; classtype:trojan-activity;sid:83512139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.78.165.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649038/; classtype:trojan-activity;sid:83512138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.14.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649037/; classtype:trojan-activity;sid:83512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.214.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649036/; classtype:trojan-activity;sid:83512136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649035/; classtype:trojan-activity;sid:83512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.156.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649034/; classtype:trojan-activity;sid:83512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649033/; classtype:trojan-activity;sid:83512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.170.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649031/; classtype:trojan-activity;sid:83512131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.104.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649032/; classtype:trojan-activity;sid:83512132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.91.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649030/; classtype:trojan-activity;sid:83512130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.141.162.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649029/; classtype:trojan-activity;sid:83512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649028)"; flow:established,from_client; content:"GET"; http_method; content:"/xegefi/xoxo/main/windowsdefender.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649028/; classtype:trojan-activity;sid:83512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.116.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649027/; classtype:trojan-activity;sid:83512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649026/; classtype:trojan-activity;sid:83512126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.14.121.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649025/; classtype:trojan-activity;sid:83512125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.58.116.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649024/; classtype:trojan-activity;sid:83512124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.183.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649023/; classtype:trojan-activity;sid:83512123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.53.18.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649022/; classtype:trojan-activity;sid:83512122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.66.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649021/; classtype:trojan-activity;sid:83512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.1.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649020/; classtype:trojan-activity;sid:83512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.157.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649019/; classtype:trojan-activity;sid:83512119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.174.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649018/; classtype:trojan-activity;sid:83512118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.182.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649017/; classtype:trojan-activity;sid:83512117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.98.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649016/; classtype:trojan-activity;sid:83512116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.51.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649014/; classtype:trojan-activity;sid:83512114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.70.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649015/; classtype:trojan-activity;sid:83512115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.174.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649013/; classtype:trojan-activity;sid:83512113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649012)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yteahmsd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649012/; classtype:trojan-activity;sid:83512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.172.222.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649011/; classtype:trojan-activity;sid:83512111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649010)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1053354068959051837/1113107209493155840/update.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649010/; classtype:trojan-activity;sid:83512110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.133.130.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649009/; classtype:trojan-activity;sid:83512109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.120.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649007/; classtype:trojan-activity;sid:83512107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.101.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649008/; classtype:trojan-activity;sid:83512108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.40.11.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649006/; classtype:trojan-activity;sid:83512106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.141.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649005/; classtype:trojan-activity;sid:83512105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.61.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649004/; classtype:trojan-activity;sid:83512104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649003)"; flow:established,from_client; content:"GET"; http_method; content:"/d/r.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649003/; classtype:trojan-activity;sid:83512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649000)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ar.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649000/; classtype:trojan-activity;sid:83512100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649001)"; flow:established,from_client; content:"GET"; http_method; content:"/d/arr.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649001/; classtype:trojan-activity;sid:83512101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649002)"; flow:established,from_client; content:"GET"; http_method; content:"/d/d.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649002/; classtype:trojan-activity;sid:83512102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648999)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/um5fjud8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648999/; classtype:trojan-activity;sid:83512099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.232.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648998/; classtype:trojan-activity;sid:83512098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648997)"; flow:established,from_client; content:"GET"; http_method; content:"/duantienty/client/main/kyovn.jpg"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648997/; classtype:trojan-activity;sid:83512097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648996)"; flow:established,from_client; content:"GET"; http_method; content:"/duantienty/client/main/client2.jpg"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648996/; classtype:trojan-activity;sid:83512096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648995)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/lvwymihr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648995/; classtype:trojan-activity;sid:83512095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.64.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648994/; classtype:trojan-activity;sid:83512094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.108.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648993/; classtype:trojan-activity;sid:83512093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.81.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648992/; classtype:trojan-activity;sid:83512092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.111.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648990/; classtype:trojan-activity;sid:83512090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.88.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648991/; classtype:trojan-activity;sid:83512091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.106.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648988/; classtype:trojan-activity;sid:83512088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.223.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648989/; classtype:trojan-activity;sid:83512089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648987)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kggtn56g"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648987/; classtype:trojan-activity;sid:83512087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.171.40.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648986/; classtype:trojan-activity;sid:83512086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648985)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kffcqxtt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648985/; classtype:trojan-activity;sid:83512085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.222.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648984/; classtype:trojan-activity;sid:83512084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.52.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648983/; classtype:trojan-activity;sid:83512083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.146.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648982/; classtype:trojan-activity;sid:83512082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.167.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648981/; classtype:trojan-activity;sid:83512081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.234.151.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648980/; classtype:trojan-activity;sid:83512080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648979/; classtype:trojan-activity;sid:83512079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648978/; classtype:trojan-activity;sid:83512078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648977/; classtype:trojan-activity;sid:83512077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.99.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648975/; classtype:trojan-activity;sid:83512075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648976/; classtype:trojan-activity;sid:83512076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.248.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648974/; classtype:trojan-activity;sid:83512074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648973/; classtype:trojan-activity;sid:83512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.116.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648972/; classtype:trojan-activity;sid:83512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.85.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648970/; classtype:trojan-activity;sid:83512070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.222.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648971/; classtype:trojan-activity;sid:83512071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.199.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648969/; classtype:trojan-activity;sid:83512069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.86.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648968/; classtype:trojan-activity;sid:83512068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648967)"; flow:established,from_client; content:"GET"; http_method; content:"/usar/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vitalsync.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648967/; classtype:trojan-activity;sid:83512067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648966/; classtype:trojan-activity;sid:83512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648965)"; flow:established,from_client; content:"GET"; http_method; content:"/pax"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"68.235.39.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648965/; classtype:trojan-activity;sid:83512065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648964/; classtype:trojan-activity;sid:83512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.188.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648963/; classtype:trojan-activity;sid:83512063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.157.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648962/; classtype:trojan-activity;sid:83512062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648961)"; flow:established,from_client; content:"GET"; http_method; content:"/eroa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eliteadsclocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648961/; classtype:trojan-activity;sid:83512061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.52.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648959/; classtype:trojan-activity;sid:83512059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648960)"; flow:established,from_client; content:"GET"; http_method; content:"/em/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eliteadsclocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648960/; classtype:trojan-activity;sid:83512060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648957)"; flow:established,from_client; content:"GET"; http_method; content:"/ut/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"altinvadi.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648957/; classtype:trojan-activity;sid:83512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648958)"; flow:established,from_client; content:"GET"; http_method; content:"/eeti/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"eliteadsclocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648958/; classtype:trojan-activity;sid:83512058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648954)"; flow:established,from_client; content:"GET"; http_method; content:"/isue/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nladfk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648954/; classtype:trojan-activity;sid:83512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648955)"; flow:established,from_client; content:"GET"; http_method; content:"/rmua/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sercitec.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648955/; classtype:trojan-activity;sid:83512055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648956)"; flow:established,from_client; content:"GET"; http_method; content:"/dnue/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sercitec.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648956/; classtype:trojan-activity;sid:83512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648953)"; flow:established,from_client; content:"GET"; http_method; content:"/psao/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"zmqnbags.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648953/; classtype:trojan-activity;sid:83512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648950)"; flow:established,from_client; content:"GET"; http_method; content:"/eio/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dozajans.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648950/; classtype:trojan-activity;sid:83512050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648951)"; flow:established,from_client; content:"GET"; http_method; content:"/ooi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"afauto.it"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648951/; classtype:trojan-activity;sid:83512051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648952)"; flow:established,from_client; content:"GET"; http_method; content:"/etut/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"afauto.it"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648952/; classtype:trojan-activity;sid:83512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648945)"; flow:established,from_client; content:"GET"; http_method; content:"/teos/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nladfk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648945/; classtype:trojan-activity;sid:83512045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648946)"; flow:established,from_client; content:"GET"; http_method; content:"/ro/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"torahs2cents.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648946/; classtype:trojan-activity;sid:83512046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648947)"; flow:established,from_client; content:"GET"; http_method; content:"/ia/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"almoez.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648947/; classtype:trojan-activity;sid:83512047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648948)"; flow:established,from_client; content:"GET"; http_method; content:"/nasd/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kardeslerboncukhediyelik.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648948/; classtype:trojan-activity;sid:83512048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648949)"; flow:established,from_client; content:"GET"; http_method; content:"/esem/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"kardeslerboncukhediyelik.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648949/; classtype:trojan-activity;sid:83512049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648937)"; flow:established,from_client; content:"GET"; http_method; content:"/dero/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"altinvadi.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648937/; classtype:trojan-activity;sid:83512037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648938)"; flow:established,from_client; content:"GET"; http_method; content:"/au/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"kardeslerboncukhediyelik.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648938/; classtype:trojan-activity;sid:83512038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648939)"; flow:established,from_client; content:"GET"; http_method; content:"/daa/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kardeslerboncukhediyelik.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648939/; classtype:trojan-activity;sid:83512039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648940)"; flow:established,from_client; content:"GET"; http_method; content:"/vo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"torahs2cents.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648940/; classtype:trojan-activity;sid:83512040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648941)"; flow:established,from_client; content:"GET"; http_method; content:"/ites/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jayalakshmitravels.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648941/; classtype:trojan-activity;sid:83512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648942)"; flow:established,from_client; content:"GET"; http_method; content:"/um/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"247xtrade.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648942/; classtype:trojan-activity;sid:83512042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648943)"; flow:established,from_client; content:"GET"; http_method; content:"/ist/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aamalapp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648943/; classtype:trojan-activity;sid:83512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648944)"; flow:established,from_client; content:"GET"; http_method; content:"/aa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"securesoftwaredesing.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648944/; classtype:trojan-activity;sid:83512044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648928)"; flow:established,from_client; content:"GET"; http_method; content:"/rr/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"torahs2cents.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648928/; classtype:trojan-activity;sid:83512028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648929)"; flow:established,from_client; content:"GET"; http_method; content:"/uodn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tejuoshoshoppingcomplex.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648929/; classtype:trojan-activity;sid:83512029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648930)"; flow:established,from_client; content:"GET"; http_method; content:"/im/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"infigroupsindia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648930/; classtype:trojan-activity;sid:83512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648931)"; flow:established,from_client; content:"GET"; http_method; content:"/in/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"almoez.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648931/; classtype:trojan-activity;sid:83512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648932)"; flow:established,from_client; content:"GET"; http_method; content:"/erur/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"angelakelleyphotography.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648932/; classtype:trojan-activity;sid:83512032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648933)"; flow:established,from_client; content:"GET"; http_method; content:"/csum/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"exoticoo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648933/; classtype:trojan-activity;sid:83512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648934)"; flow:established,from_client; content:"GET"; http_method; content:"/ct/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"droyals.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648934/; classtype:trojan-activity;sid:83512034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648935)"; flow:established,from_client; content:"GET"; http_method; content:"/ca/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"securesoftwaredesing.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648935/; classtype:trojan-activity;sid:83512035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648936)"; flow:established,from_client; content:"GET"; http_method; content:"/adie/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"studio24mw.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648936/; classtype:trojan-activity;sid:83512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648919)"; flow:established,from_client; content:"GET"; http_method; content:"/aif/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"modernurogyn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648919/; classtype:trojan-activity;sid:83512019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648920)"; flow:established,from_client; content:"GET"; http_method; content:"/eo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"treadlefish.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648920/; classtype:trojan-activity;sid:83512020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648921)"; flow:established,from_client; content:"GET"; http_method; content:"/li/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ufagold.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648921/; classtype:trojan-activity;sid:83512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648922)"; flow:established,from_client; content:"GET"; http_method; content:"/etni/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"angelakelleyphotography.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648922/; classtype:trojan-activity;sid:83512022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648923)"; flow:established,from_client; content:"GET"; http_method; content:"/usi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ufagold.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648923/; classtype:trojan-activity;sid:83512023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648924)"; flow:established,from_client; content:"GET"; http_method; content:"/ml/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"studio24mw.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648924/; classtype:trojan-activity;sid:83512024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648925)"; flow:established,from_client; content:"GET"; http_method; content:"/qu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"almoez.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648925/; classtype:trojan-activity;sid:83512025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648926)"; flow:established,from_client; content:"GET"; http_method; content:"/ume/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"droyals.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648926/; classtype:trojan-activity;sid:83512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648927)"; flow:established,from_client; content:"GET"; http_method; content:"/ads/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"modernurogyn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648927/; classtype:trojan-activity;sid:83512027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648910)"; flow:established,from_client; content:"GET"; http_method; content:"/uao/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"expaceos.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648910/; classtype:trojan-activity;sid:83512010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648911)"; flow:established,from_client; content:"GET"; http_method; content:"/iu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nladfk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648911/; classtype:trojan-activity;sid:83512011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648912)"; flow:established,from_client; content:"GET"; http_method; content:"/stei/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"next-vapors.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648912/; classtype:trojan-activity;sid:83512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648913)"; flow:established,from_client; content:"GET"; http_method; content:"/utr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vitalsync.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648913/; classtype:trojan-activity;sid:83512013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648914)"; flow:established,from_client; content:"GET"; http_method; content:"/eai/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"torahs2cents.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648914/; classtype:trojan-activity;sid:83512014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648915)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"247xtrade.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648915/; classtype:trojan-activity;sid:83512015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648916)"; flow:established,from_client; content:"GET"; http_method; content:"/rp/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"infigroupsindia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648916/; classtype:trojan-activity;sid:83512016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648917)"; flow:established,from_client; content:"GET"; http_method; content:"/itma/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"angelakelleyphotography.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648917/; classtype:trojan-activity;sid:83512017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648918)"; flow:established,from_client; content:"GET"; http_method; content:"/uadq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"securesoftwaredesing.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648918/; classtype:trojan-activity;sid:83512018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648900)"; flow:established,from_client; content:"GET"; http_method; content:"/uv/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"binbakar.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648900/; classtype:trojan-activity;sid:83512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648901)"; flow:established,from_client; content:"GET"; http_method; content:"/nscf/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vitalsync.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648901/; classtype:trojan-activity;sid:83512001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648902)"; flow:established,from_client; content:"GET"; http_method; content:"/aiua/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"angelakelleyphotography.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648902/; classtype:trojan-activity;sid:83512002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648903)"; flow:established,from_client; content:"GET"; http_method; content:"/uau/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shayksatay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648903/; classtype:trojan-activity;sid:83512003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648904)"; flow:established,from_client; content:"GET"; http_method; content:"/atsu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"toplitoral.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648904/; classtype:trojan-activity;sid:83512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648905)"; flow:established,from_client; content:"GET"; http_method; content:"/dme/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"almoez.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648905/; classtype:trojan-activity;sid:83512005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648906)"; flow:established,from_client; content:"GET"; http_method; content:"/nmcc/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"almoez.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648906/; classtype:trojan-activity;sid:83512006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648907)"; flow:established,from_client; content:"GET"; http_method; content:"/oeni/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jayalakshmitravels.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648907/; classtype:trojan-activity;sid:83512007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648908)"; flow:established,from_client; content:"GET"; http_method; content:"/sus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nladfk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648908/; classtype:trojan-activity;sid:83512008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648909)"; flow:established,from_client; content:"GET"; http_method; content:"/ba/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nladfk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648909/; classtype:trojan-activity;sid:83512009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648895)"; flow:established,from_client; content:"GET"; http_method; content:"/mi/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"logistic-pro.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648895/; classtype:trojan-activity;sid:83511995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648896)"; flow:established,from_client; content:"GET"; http_method; content:"/tioi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"logistic-pro.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648896/; classtype:trojan-activity;sid:83511996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648897)"; flow:established,from_client; content:"GET"; http_method; content:"/se/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nooranbeauty.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648897/; classtype:trojan-activity;sid:83511997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648898)"; flow:established,from_client; content:"GET"; http_method; content:"/ede/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tammisnaps.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648898/; classtype:trojan-activity;sid:83511998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648899)"; flow:established,from_client; content:"GET"; http_method; content:"/moi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shayksatay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648899/; classtype:trojan-activity;sid:83511999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648889)"; flow:established,from_client; content:"GET"; http_method; content:"/ad/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"next-vapors.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648889/; classtype:trojan-activity;sid:83511989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648890)"; flow:established,from_client; content:"GET"; http_method; content:"/losb/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"treadlefish.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648890/; classtype:trojan-activity;sid:83511990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648891)"; flow:established,from_client; content:"GET"; http_method; content:"/mo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tiblej.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648891/; classtype:trojan-activity;sid:83511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648892)"; flow:established,from_client; content:"GET"; http_method; content:"/tte/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"binbakar.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648892/; classtype:trojan-activity;sid:83511992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648893)"; flow:established,from_client; content:"GET"; http_method; content:"/li/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hm-international.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648893/; classtype:trojan-activity;sid:83511993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648894)"; flow:established,from_client; content:"GET"; http_method; content:"/na/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"linkajobs.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648894/; classtype:trojan-activity;sid:83511994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648884)"; flow:established,from_client; content:"GET"; http_method; content:"/oo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nananobengkouakou.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648884/; classtype:trojan-activity;sid:83511984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648885)"; flow:established,from_client; content:"GET"; http_method; content:"/uie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"agrominingtecnologia.net.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648885/; classtype:trojan-activity;sid:83511985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648886)"; flow:established,from_client; content:"GET"; http_method; content:"/uci/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vitalsync.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648886/; classtype:trojan-activity;sid:83511986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648887)"; flow:established,from_client; content:"GET"; http_method; content:"/sa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vitalsync.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648887/; classtype:trojan-activity;sid:83511987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648888)"; flow:established,from_client; content:"GET"; http_method; content:"/tu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"treadlefish.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648888/; classtype:trojan-activity;sid:83511988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648881)"; flow:established,from_client; content:"GET"; http_method; content:"/ntu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"eastindiaagro.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648881/; classtype:trojan-activity;sid:83511981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648882)"; flow:established,from_client; content:"GET"; http_method; content:"/iiiq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jayalakshmitravels.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648882/; classtype:trojan-activity;sid:83511982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648883)"; flow:established,from_client; content:"GET"; http_method; content:"/xt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bajosombra.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648883/; classtype:trojan-activity;sid:83511983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648880)"; flow:established,from_client; content:"GET"; http_method; content:"/umt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nananobengkouakou.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648880/; classtype:trojan-activity;sid:83511980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648874)"; flow:established,from_client; content:"GET"; http_method; content:"/pec/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"eastindiaagro.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648874/; classtype:trojan-activity;sid:83511974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648875)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"toplitoral.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648875/; classtype:trojan-activity;sid:83511975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648876)"; flow:established,from_client; content:"GET"; http_method; content:"/niq/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tpksecuritygroup.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648876/; classtype:trojan-activity;sid:83511976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648877)"; flow:established,from_client; content:"GET"; http_method; content:"/at/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bajosombra.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648877/; classtype:trojan-activity;sid:83511977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648878)"; flow:established,from_client; content:"GET"; http_method; content:"/ecuu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tammisnaps.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648878/; classtype:trojan-activity;sid:83511978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648879)"; flow:established,from_client; content:"GET"; http_method; content:"/ela/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"exoticoo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648879/; classtype:trojan-activity;sid:83511979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648869)"; flow:established,from_client; content:"GET"; http_method; content:"/riu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"exoticoo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648869/; classtype:trojan-activity;sid:83511969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648870)"; flow:established,from_client; content:"GET"; http_method; content:"/eten/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"toplitoral.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648870/; classtype:trojan-activity;sid:83511970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648871)"; flow:established,from_client; content:"GET"; http_method; content:"/as/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"toplitoral.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648871/; classtype:trojan-activity;sid:83511971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648872)"; flow:established,from_client; content:"GET"; http_method; content:"/cios/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"exoticoo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648872/; classtype:trojan-activity;sid:83511972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648873)"; flow:established,from_client; content:"GET"; http_method; content:"/ol/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"eastindiaagro.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648873/; classtype:trojan-activity;sid:83511973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648868)"; flow:established,from_client; content:"GET"; http_method; content:"/uiuq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"modernurogyn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648868/; classtype:trojan-activity;sid:83511968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.238.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648867/; classtype:trojan-activity;sid:83511967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.171.40.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648866/; classtype:trojan-activity;sid:83511966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648865)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.86.19.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648865/; classtype:trojan-activity;sid:83511965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.185.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648864/; classtype:trojan-activity;sid:83511964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.183.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648863/; classtype:trojan-activity;sid:83511963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648862)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xqyr9fn4c2jh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648862/; classtype:trojan-activity;sid:83511962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.174.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648861/; classtype:trojan-activity;sid:83511961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.199.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648859/; classtype:trojan-activity;sid:83511959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.229.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648860/; classtype:trojan-activity;sid:83511960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.238.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648858/; classtype:trojan-activity;sid:83511958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.7.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648857/; classtype:trojan-activity;sid:83511957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648854)"; flow:established,from_client; content:"GET"; http_method; content:"/p6f/b510"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"162.252.175.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648854/; classtype:trojan-activity;sid:83511954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648855)"; flow:established,from_client; content:"GET"; http_method; content:"/w7wn/b510"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.252.175.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648855/; classtype:trojan-activity;sid:83511955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648856)"; flow:established,from_client; content:"GET"; http_method; content:"/ahgtlct/b510"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"151.236.9.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648856/; classtype:trojan-activity;sid:83511956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648853)"; flow:established,from_client; content:"GET"; http_method; content:"/eeb/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"leepebitz.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648853/; classtype:trojan-activity;sid:83511953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648852/; classtype:trojan-activity;sid:83511952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.92.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648850/; classtype:trojan-activity;sid:83511950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.138.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648851/; classtype:trojan-activity;sid:83511951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.176.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648849/; classtype:trojan-activity;sid:83511949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.105.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648848/; classtype:trojan-activity;sid:83511948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.171.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648847/; classtype:trojan-activity;sid:83511947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.191.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648846/; classtype:trojan-activity;sid:83511946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.124.6.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648845/; classtype:trojan-activity;sid:83511945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648844)"; flow:established,from_client; content:"GET"; http_method; content:"/99/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.167.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648844/; classtype:trojan-activity;sid:83511944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.101.96.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648843/; classtype:trojan-activity;sid:83511943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.110.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648842/; classtype:trojan-activity;sid:83511942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.7.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648841/; classtype:trojan-activity;sid:83511941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.176.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648840/; classtype:trojan-activity;sid:83511940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.211.200.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648839/; classtype:trojan-activity;sid:83511939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.230.40.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648838/; classtype:trojan-activity;sid:83511938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.210.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648837/; classtype:trojan-activity;sid:83511937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648836)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648836/; classtype:trojan-activity;sid:83511936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648833)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648833/; classtype:trojan-activity;sid:83511933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648834)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648834/; classtype:trojan-activity;sid:83511934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648835)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648835/; classtype:trojan-activity;sid:83511935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648831)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648831/; classtype:trojan-activity;sid:83511931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.15.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648832/; classtype:trojan-activity;sid:83511932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648825)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648825/; classtype:trojan-activity;sid:83511925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648826)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648826/; classtype:trojan-activity;sid:83511926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648827)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648827/; classtype:trojan-activity;sid:83511927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648828)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648828/; classtype:trojan-activity;sid:83511928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648829)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648829/; classtype:trojan-activity;sid:83511929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648830/; classtype:trojan-activity;sid:83511930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648824)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648824/; classtype:trojan-activity;sid:83511924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.124.6.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648823/; classtype:trojan-activity;sid:83511923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.214.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648820/; classtype:trojan-activity;sid:83511920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.43.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648821/; classtype:trojan-activity;sid:83511921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.43.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648822/; classtype:trojan-activity;sid:83511922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.192.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648819/; classtype:trojan-activity;sid:83511919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648818)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.58.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648818/; classtype:trojan-activity;sid:83511918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.228.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648817/; classtype:trojan-activity;sid:83511917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.63.58.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648816/; classtype:trojan-activity;sid:83511916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648815)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.73.83.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648815/; classtype:trojan-activity;sid:83511915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648814)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.157.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648814/; classtype:trojan-activity;sid:83511914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648813)"; flow:established,from_client; content:"GET"; http_method; content:"/ui/uiuiuiuiuiuiuiuiuiuiuiu%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23uiuiuiuiuiuiuiu.doc"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.167.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648813/; classtype:trojan-activity;sid:83511913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648812)"; flow:established,from_client; content:"GET"; http_method; content:"/ig/igigigigigigigigigi%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23igigigigigigi.doc"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"server1.childrenspiace.us"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648812/; classtype:trojan-activity;sid:83511912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648811)"; flow:established,from_client; content:"GET"; http_method; content:"/ui/zi/ziziziziiziziziizizizizi%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ziziziziizzi.doc"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.167.90.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648811/; classtype:trojan-activity;sid:83511911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648810)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.132.193.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648810/; classtype:trojan-activity;sid:83511910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648809)"; flow:established,from_client; content:"GET"; http_method; content:"/cg/seema.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"thenaturalflavorproject.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648809/; classtype:trojan-activity;sid:83511909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648807)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.126.35.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648807/; classtype:trojan-activity;sid:83511907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648808)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.185.91.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648808/; classtype:trojan-activity;sid:83511908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648806)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.118.210.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648806/; classtype:trojan-activity;sid:83511906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648805)"; flow:established,from_client; content:"GET"; http_method; content:"/d/nev.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.54.50.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648805/; classtype:trojan-activity;sid:83511905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648804)"; flow:established,from_client; content:"GET"; http_method; content:"/imagify-backup/201_iuumuyiefhf"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"savory.com.bd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648804/; classtype:trojan-activity;sid:83511904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648803)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"99.122.11.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648803/; classtype:trojan-activity;sid:83511903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.20.129.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648802/; classtype:trojan-activity;sid:83511902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648801)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.112.13.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648801/; classtype:trojan-activity;sid:83511901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.228.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648800/; classtype:trojan-activity;sid:83511900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.86.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648799/; classtype:trojan-activity;sid:83511899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.138.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648798/; classtype:trojan-activity;sid:83511898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.116.206.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648797/; classtype:trojan-activity;sid:83511897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648796)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.142.141.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648796/; classtype:trojan-activity;sid:83511896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648795)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.168.147.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648795/; classtype:trojan-activity;sid:83511895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.123.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648794/; classtype:trojan-activity;sid:83511894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.171.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648793/; classtype:trojan-activity;sid:83511893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.110.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648791/; classtype:trojan-activity;sid:83511891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.184.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648792/; classtype:trojan-activity;sid:83511892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.106.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648790/; classtype:trojan-activity;sid:83511890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"106.104.169.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648789/; classtype:trojan-activity;sid:83511889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.106.82.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648788/; classtype:trojan-activity;sid:83511888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648787/; classtype:trojan-activity;sid:83511887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.43.200.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648786/; classtype:trojan-activity;sid:83511886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648785)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.139.46.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648785/; classtype:trojan-activity;sid:83511885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648784)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.161.83.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648784/; classtype:trojan-activity;sid:83511884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.106.152.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648783/; classtype:trojan-activity;sid:83511883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.162.107.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648782/; classtype:trojan-activity;sid:83511882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.191.220.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648781/; classtype:trojan-activity;sid:83511881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648780)"; flow:established,from_client; content:"GET"; http_method; content:"/98/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.133.104.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648780/; classtype:trojan-activity;sid:83511880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648779)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.93.248.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648779/; classtype:trojan-activity;sid:83511879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.71.236.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648778/; classtype:trojan-activity;sid:83511878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648777)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.224.185.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648777/; classtype:trojan-activity;sid:83511877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648775)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.188.179.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648775/; classtype:trojan-activity;sid:83511875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648776)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"96.75.82.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648776/; classtype:trojan-activity;sid:83511876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.126.215.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648774/; classtype:trojan-activity;sid:83511874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648773)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.61.114.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648773/; classtype:trojan-activity;sid:83511873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.237.166.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648772/; classtype:trojan-activity;sid:83511872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.61.114.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648771/; classtype:trojan-activity;sid:83511871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.204.13.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648770/; classtype:trojan-activity;sid:83511870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648769)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.157.88.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648769/; classtype:trojan-activity;sid:83511869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648768/; classtype:trojan-activity;sid:83511868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.179.67.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648767/; classtype:trojan-activity;sid:83511867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.209.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648766/; classtype:trojan-activity;sid:83511866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.49.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648765/; classtype:trojan-activity;sid:83511865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.195.205.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648764/; classtype:trojan-activity;sid:83511864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.138.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648763/; classtype:trojan-activity;sid:83511863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.59.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648762/; classtype:trojan-activity;sid:83511862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648761)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.89.221.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648761/; classtype:trojan-activity;sid:83511861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648760)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/zp.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648760/; classtype:trojan-activity;sid:83511860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648751)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/eua.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648751/; classtype:trojan-activity;sid:83511851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648752)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/euk.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648752/; classtype:trojan-activity;sid:83511852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648753)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/euaa.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648753/; classtype:trojan-activity;sid:83511853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648754)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/as.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648754/; classtype:trojan-activity;sid:83511854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648755)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/mx.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648755/; classtype:trojan-activity;sid:83511855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648756)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/zk.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648756/; classtype:trojan-activity;sid:83511856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648757)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/zpeu.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648757/; classtype:trojan-activity;sid:83511857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648758)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/zp.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648758/; classtype:trojan-activity;sid:83511858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648759)"; flow:established,from_client; content:"GET"; http_method; content:"/zp/zpeu.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.dld.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648759/; classtype:trojan-activity;sid:83511859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648750)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.115.195.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648750/; classtype:trojan-activity;sid:83511850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648749)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.241.232.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648749/; classtype:trojan-activity;sid:83511849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648748)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.89.110.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648748/; classtype:trojan-activity;sid:83511848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648747)"; flow:established,from_client; content:"GET"; http_method; content:"/download/file_pass1234.7z"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"infotrace.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648747/; classtype:trojan-activity;sid:83511847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648746)"; flow:established,from_client; content:"GET"; http_method; content:"/ogumbgejapxd.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.39.207.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648746/; classtype:trojan-activity;sid:83511846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648745)"; flow:established,from_client; content:"GET"; http_method; content:"/doc800513317_661842695|3f|hash=qlkrgt9d06htlv1mbzpv9scce3gpa9qc2eaxzzzcdw8|7c|26|7c|dl=ycwo3axdu0ovneol1kkrln8nzlok9lb3q4whumywkop|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648745/; classtype:trojan-activity;sid:83511845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648743)"; flow:established,from_client; content:"GET"; http_method; content:"/doc791620691_664750734|3f|hash=gys3mvxzpxdviiulv0g0be5nmlz0jnvlvuyesi051ks|7c|26|7c|dl=dtbovjqkf6k9klgt8l8nhefgnfc2j45ewllbvnnsgi8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648743/; classtype:trojan-activity;sid:83511843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648744)"; flow:established,from_client; content:"GET"; http_method; content:"/doc800513317_661831941|3f|hash=kc1u4olcaymuhvtmfoutyszdry3esjwfvrzp6qpgpus|7c|26|7c|dl=7914u1ipemjzraz1e75d2g0xzbq90wsmerxsgdjytgl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648744/; classtype:trojan-activity;sid:83511844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648740)"; flow:established,from_client; content:"GET"; http_method; content:"/doc791620691_664758442|3f|hash=6aztebw2uhe7mjsazjiitxl6udz9wrq7z6rk1eghoz4|7c|26|7c|dl=b2ywa552bj5es6e8vdsg9kfvdyxbmy9e5u9d5ajsqi4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648740/; classtype:trojan-activity;sid:83511840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648741)"; flow:established,from_client; content:"GET"; http_method; content:"/doc791620691_664757382|3f|hash=hu0surw9fmjzuiahp2eoafrrvpqsrzkd5rifrpfaczp|7c|26|7c|dl=zwjlwsjrcfkgcsj2ghdyedqcxjwzxujzkzilxjt2x40|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648741/; classtype:trojan-activity;sid:83511841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648742)"; flow:established,from_client; content:"GET"; http_method; content:"/doc791620691_664778431|3f|hash=fcckivk7lxuc615dqmm2rnqfrdnte8ivgwcqk3ydjuc|7c|26|7c|dl=zx9nedvnxiput4a3v4usdmzr7uwomvmpb8ueltgcbxg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648742/; classtype:trojan-activity;sid:83511842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648739)"; flow:established,from_client; content:"GET"; http_method; content:"/kurama.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.143.223.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648739/; classtype:trojan-activity;sid:83511839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648738)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.99.61.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648738/; classtype:trojan-activity;sid:83511838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.237.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648737/; classtype:trojan-activity;sid:83511837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.211.43.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648736/; classtype:trojan-activity;sid:83511836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.135.132.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648735/; classtype:trojan-activity;sid:83511835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.224.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648734/; classtype:trojan-activity;sid:83511834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648733)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/iiiiiiiiiiiiiiiiiiiiiiiiiiiiii%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23iiiiiiiiiiiiiiiiiiiiiiiii.doc"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"213.227.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648733/; classtype:trojan-activity;sid:83511833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648732)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.216.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648732/; classtype:trojan-activity;sid:83511832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648731)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/systemdata/infinity_fernwartung.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.infinity-systems.it"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648731/; classtype:trojan-activity;sid:83511831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648730)"; flow:established,from_client; content:"GET"; http_method; content:"/qqmtxwow/po-jpg0038948082.lzh"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ozla1a.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648730/; classtype:trojan-activity;sid:83511830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648729)"; flow:established,from_client; content:"GET"; http_method; content:"/jokerzx.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648729/; classtype:trojan-activity;sid:83511829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648728)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.77.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648728/; classtype:trojan-activity;sid:83511828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648727)"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/modules/mod_feed/atm_fradulent_transaction_note_docx.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"aikibursa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648727/; classtype:trojan-activity;sid:83511827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648726)"; flow:established,from_client; content:"GET"; http_method; content:"/u/s!arhzkuv8xufqgqbcjjuxu0pso4hj"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"1drv.ms"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648726/; classtype:trojan-activity;sid:83511826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648725/; classtype:trojan-activity;sid:83511825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.92.110.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648724/; classtype:trojan-activity;sid:83511824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648723/; classtype:trojan-activity;sid:83511823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.34.235.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648721/; classtype:trojan-activity;sid:83511821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.78.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648722/; classtype:trojan-activity;sid:83511822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648720)"; flow:established,from_client; content:"GET"; http_method; content:"/agodzx.doc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648720/; classtype:trojan-activity;sid:83511820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.183.30.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648718/; classtype:trojan-activity;sid:83511818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648719)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.115.85.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648719/; classtype:trojan-activity;sid:83511819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648717)"; flow:established,from_client; content:"GET"; http_method; content:"/88/hkcmd.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.227.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648717/; classtype:trojan-activity;sid:83511817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648716)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1giynqa4eetfy5cnbfv0c-8r4tfxx4wto"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648716/; classtype:trojan-activity;sid:83511816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648714)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/factura_online.jse"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.81.39.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648714/; classtype:trojan-activity;sid:83511814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648715)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/desktop.ini"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.81.39.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648715/; classtype:trojan-activity;sid:83511815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648713)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.32.30.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648713/; classtype:trojan-activity;sid:83511813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.159.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648712/; classtype:trojan-activity;sid:83511812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648711/; classtype:trojan-activity;sid:83511811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.0.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648710/; classtype:trojan-activity;sid:83511810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648709)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.222.225.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648709/; classtype:trojan-activity;sid:83511809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648708)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.21.179.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648708/; classtype:trojan-activity;sid:83511808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.74.78.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648707/; classtype:trojan-activity;sid:83511807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.61.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648706/; classtype:trojan-activity;sid:83511806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.91.48.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648705/; classtype:trojan-activity;sid:83511805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.202.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648704/; classtype:trojan-activity;sid:83511804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.200.35.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648703/; classtype:trojan-activity;sid:83511803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.34.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648702/; classtype:trojan-activity;sid:83511802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.20.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648700/; classtype:trojan-activity;sid:83511800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.192.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648701/; classtype:trojan-activity;sid:83511801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648699)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xcacnpdwradi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648699/; classtype:trojan-activity;sid:83511799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.213.182.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648698/; classtype:trojan-activity;sid:83511798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.249.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648697/; classtype:trojan-activity;sid:83511797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.219.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648696/; classtype:trojan-activity;sid:83511796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.147.226.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648695/; classtype:trojan-activity;sid:83511795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.201.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648694/; classtype:trojan-activity;sid:83511794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648693)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.109.227.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648693/; classtype:trojan-activity;sid:83511793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.131.147.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648692/; classtype:trojan-activity;sid:83511792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.10.210.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648691/; classtype:trojan-activity;sid:83511791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648689)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.72.160.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648689/; classtype:trojan-activity;sid:83511789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648690)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.121.254.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648690/; classtype:trojan-activity;sid:83511790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.93.18.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648688/; classtype:trojan-activity;sid:83511788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648687)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.11.6.224"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648687/; classtype:trojan-activity;sid:83511787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648685)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.224.185.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648685/; classtype:trojan-activity;sid:83511785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648686)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.75.108.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648686/; classtype:trojan-activity;sid:83511786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.159.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648684/; classtype:trojan-activity;sid:83511784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648682)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.89.221.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648682/; classtype:trojan-activity;sid:83511782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648683)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.88.130.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648683/; classtype:trojan-activity;sid:83511783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648681)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.10.3.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648681/; classtype:trojan-activity;sid:83511781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648680)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.115.83.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648680/; classtype:trojan-activity;sid:83511780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648678)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.71.39.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648678/; classtype:trojan-activity;sid:83511778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648679)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"219.115.24.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648679/; classtype:trojan-activity;sid:83511779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648676)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.86.227.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648676/; classtype:trojan-activity;sid:83511776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648677)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.164.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648677/; classtype:trojan-activity;sid:83511777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648675/; classtype:trojan-activity;sid:83511775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.180.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648674/; classtype:trojan-activity;sid:83511774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.84.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648673/; classtype:trojan-activity;sid:83511773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.21.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648672/; classtype:trojan-activity;sid:83511772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.136.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648671/; classtype:trojan-activity;sid:83511771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.136.84.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648670/; classtype:trojan-activity;sid:83511770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.141.240.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648669/; classtype:trojan-activity;sid:83511769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648668)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|impresion=lucia060276@hotmail.com|7c|26|7c|id=1kxwfahe_d4uv9ymrbspzy5bhv0eofh8f"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648668/; classtype:trojan-activity;sid:83511768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648667)"; flow:established,from_client; content:"GET"; http_method; content:"/ddd.json"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"user1681259423012.requestly.dev"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648667/; classtype:trojan-activity;sid:83511767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.0.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648666/; classtype:trojan-activity;sid:83511766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648665)"; flow:established,from_client; content:"GET"; http_method; content:"/api/mockv2/ddd.json|3f|username=user1681259423012"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"requestly.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648665/; classtype:trojan-activity;sid:83511765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.6.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648664/; classtype:trojan-activity;sid:83511764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.231.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648663/; classtype:trojan-activity;sid:83511763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.136.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648662/; classtype:trojan-activity;sid:83511762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.33.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648661/; classtype:trojan-activity;sid:83511761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.86.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648660/; classtype:trojan-activity;sid:83511760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.105.146.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648659/; classtype:trojan-activity;sid:83511759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648658/; classtype:trojan-activity;sid:83511758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.110.207.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648657/; classtype:trojan-activity;sid:83511757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.150.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648656/; classtype:trojan-activity;sid:83511756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648655/; classtype:trojan-activity;sid:83511755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.170.79.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648654/; classtype:trojan-activity;sid:83511754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.164.3.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648653/; classtype:trojan-activity;sid:83511753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.231.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648652/; classtype:trojan-activity;sid:83511752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648651)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.70.30.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648651/; classtype:trojan-activity;sid:83511751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.238.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648650/; classtype:trojan-activity;sid:83511750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.46.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648649/; classtype:trojan-activity;sid:83511749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.189.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648648/; classtype:trojan-activity;sid:83511748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.176.53.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648647/; classtype:trojan-activity;sid:83511747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.177.171.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648646/; classtype:trojan-activity;sid:83511746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.150.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648645/; classtype:trojan-activity;sid:83511745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.249.225.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648644/; classtype:trojan-activity;sid:83511744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.126.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648643/; classtype:trojan-activity;sid:83511743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648642)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"130.204.188.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648642/; classtype:trojan-activity;sid:83511742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648641)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.15.21.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648641/; classtype:trojan-activity;sid:83511741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648640)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.84.192.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648640/; classtype:trojan-activity;sid:83511740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648639)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.90.172.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648639/; classtype:trojan-activity;sid:83511739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.221.182.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648638/; classtype:trojan-activity;sid:83511738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.232.18.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648637/; classtype:trojan-activity;sid:83511737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648636/; classtype:trojan-activity;sid:83511736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648635)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.191.246.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648635/; classtype:trojan-activity;sid:83511735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.175.27.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648634/; classtype:trojan-activity;sid:83511734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.192.69.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648633/; classtype:trojan-activity;sid:83511733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.100.123.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648632/; classtype:trojan-activity;sid:83511732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.213.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648631/; classtype:trojan-activity;sid:83511731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.19.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648630/; classtype:trojan-activity;sid:83511730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.244.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648629/; classtype:trojan-activity;sid:83511729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.88.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648628/; classtype:trojan-activity;sid:83511728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648625/; classtype:trojan-activity;sid:83511725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648626)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.65.15.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648626/; classtype:trojan-activity;sid:83511726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648627/; classtype:trojan-activity;sid:83511727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.56.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648622/; classtype:trojan-activity;sid:83511722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.247.55.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648623/; classtype:trojan-activity;sid:83511723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.155.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648624/; classtype:trojan-activity;sid:83511724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.136.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648621/; classtype:trojan-activity;sid:83511721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2648620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.46.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2648620/; classtype:trojan-activity;sid