################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2020-01-18 17:39:33 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xm5kitny"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291762/; classtype:trojan-activity;sid:81154862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291761/; classtype:trojan-activity;sid:81154861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.225.182.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291760/; classtype:trojan-activity;sid:81154860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.45.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291759/; classtype:trojan-activity;sid:81154859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.15.88.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291758/; classtype:trojan-activity;sid:81154858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291757/; classtype:trojan-activity;sid:81154857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291755/; classtype:trojan-activity;sid:81154855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.76.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291754/; classtype:trojan-activity;sid:81154854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.136.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291753/; classtype:trojan-activity;sid:81154853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291750/; classtype:trojan-activity;sid:81154850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.79.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291749/; classtype:trojan-activity;sid:81154849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.179.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291747/; classtype:trojan-activity;sid:81154847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.241.250.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291746/; classtype:trojan-activity;sid:81154846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291745/; classtype:trojan-activity;sid:81154845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291744/; classtype:trojan-activity;sid:81154844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rafu9ksp"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291743/; classtype:trojan-activity;sid:81154843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/el2mawuh7l/usa/downloads/version_n7.rar"; http_uri; depth:40; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291742/; classtype:trojan-activity;sid:81154842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/el2mawuh7l/usa/downloads/version_n8.rar"; http_uri; depth:40; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291741/; classtype:trojan-activity;sid:81154841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291740/; classtype:trojan-activity;sid:81154840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291739/; classtype:trojan-activity;sid:81154839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.212.240.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291738/; classtype:trojan-activity;sid:81154838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.91.241.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291737/; classtype:trojan-activity;sid:81154837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291736/; classtype:trojan-activity;sid:81154836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.45.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291735/; classtype:trojan-activity;sid:81154835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.59.134.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291734/; classtype:trojan-activity;sid:81154834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.124.174.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291733/; classtype:trojan-activity;sid:81154833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.34.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291732/; classtype:trojan-activity;sid:81154832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.105.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291731/; classtype:trojan-activity;sid:81154831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291729/; classtype:trojan-activity;sid:81154829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.154.80.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291728/; classtype:trojan-activity;sid:81154828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"45.10.29.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291727/; classtype:trojan-activity;sid:81154827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.254.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291724/; classtype:trojan-activity;sid:81154824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291721/; classtype:trojan-activity;sid:81154821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.177.237.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291718/; classtype:trojan-activity;sid:81154818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.92.177.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291717/; classtype:trojan-activity;sid:81154817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291714/; classtype:trojan-activity;sid:81154814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jkkixcs0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291713/; classtype:trojan-activity;sid:81154813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.204.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291709/; classtype:trojan-activity;sid:81154809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291708/; classtype:trojan-activity;sid:81154808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291706/; classtype:trojan-activity;sid:81154806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pdcwdmfzhzkj8xly.bin"; http_uri; depth:21; isdataat:!1,relative; content:"crystalcheats.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291703/; classtype:trojan-activity;sid:81154803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291701/; classtype:trojan-activity;sid:81154801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.212.244.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291700/; classtype:trojan-activity;sid:81154800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.222.195.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291699/; classtype:trojan-activity;sid:81154799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.118.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291697/; classtype:trojan-activity;sid:81154797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.115.15.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291695/; classtype:trojan-activity;sid:81154795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.122.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291694/; classtype:trojan-activity;sid:81154794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.134.4.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291693/; classtype:trojan-activity;sid:81154793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291692/; classtype:trojan-activity;sid:81154792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291691/; classtype:trojan-activity;sid:81154791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291689/; classtype:trojan-activity;sid:81154789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291687/; classtype:trojan-activity;sid:81154787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291686/; classtype:trojan-activity;sid:81154786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291682/; classtype:trojan-activity;sid:81154782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291681/; classtype:trojan-activity;sid:81154781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.125.89.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291680/; classtype:trojan-activity;sid:81154780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291679/; classtype:trojan-activity;sid:81154779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.155.54.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291677/; classtype:trojan-activity;sid:81154777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.176.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291675/; classtype:trojan-activity;sid:81154775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.71.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291674/; classtype:trojan-activity;sid:81154774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291673/; classtype:trojan-activity;sid:81154773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291672/; classtype:trojan-activity;sid:81154772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.199.133.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291670/; classtype:trojan-activity;sid:81154770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.43.33.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291669/; classtype:trojan-activity;sid:81154769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291668/; classtype:trojan-activity;sid:81154768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw1_protected_4ef84d0.exe"; http_uri; depth:26; isdataat:!1,relative; content:"fdbvcdffd.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291667/; classtype:trojan-activity;sid:81154767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/q96bkn12"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291666/; classtype:trojan-activity;sid:81154766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.93.188.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291663/; classtype:trojan-activity;sid:81154763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291662/; classtype:trojan-activity;sid:81154762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.95.154.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291660/; classtype:trojan-activity;sid:81154760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291659/; classtype:trojan-activity;sid:81154759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.212.244.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291657/; classtype:trojan-activity;sid:81154757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291656/; classtype:trojan-activity;sid:81154756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.209.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291655/; classtype:trojan-activity;sid:81154755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.164.95.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291653/; classtype:trojan-activity;sid:81154753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291652/; classtype:trojan-activity;sid:81154752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291651/; classtype:trojan-activity;sid:81154751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.58.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291650/; classtype:trojan-activity;sid:81154750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/videopad/vppsetup.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.nchsoftware.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291647/; classtype:trojan-activity;sid:81154747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.31.253.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291638/; classtype:trojan-activity;sid:81154738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.167.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291635/; classtype:trojan-activity;sid:81154735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.178.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291634/; classtype:trojan-activity;sid:81154734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.177.9.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291633/; classtype:trojan-activity;sid:81154733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291632/; classtype:trojan-activity;sid:81154732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.67.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291631/; classtype:trojan-activity;sid:81154731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.149.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291630/; classtype:trojan-activity;sid:81154730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.224.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291629/; classtype:trojan-activity;sid:81154729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291623/; classtype:trojan-activity;sid:81154723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.156.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291620/; classtype:trojan-activity;sid:81154720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.33.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291618/; classtype:trojan-activity;sid:81154718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.43.168.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291617/; classtype:trojan-activity;sid:81154717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291616/; classtype:trojan-activity;sid:81154716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.195.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291615/; classtype:trojan-activity;sid:81154715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.80.162.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291613/; classtype:trojan-activity;sid:81154713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291610/; classtype:trojan-activity;sid:81154710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.211.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291609/; classtype:trojan-activity;sid:81154709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291608/; classtype:trojan-activity;sid:81154708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.35.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291607/; classtype:trojan-activity;sid:81154707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/edre/q87-y3zu9-94068/"; http_uri; depth:29; isdataat:!1,relative; content:"138.97.105.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291605/; classtype:trojan-activity;sid:81154705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/4ggw3x20697/"; http_uri; depth:31; isdataat:!1,relative; content:"woofilter.gsamdani.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291604/; classtype:trojan-activity;sid:81154704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6mmf2gg-q5k-120207/"; http_uri; depth:31; isdataat:!1,relative; content:"rodyaevents.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291603/; classtype:trojan-activity;sid:81154703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ghomework/llc/lykh0et-9226548491-87-chlhiy8ao-fgsf4tc/"; http_uri; depth:55; isdataat:!1,relative; content:"122.112.226.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291601/; classtype:trojan-activity;sid:81154701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a5bc0d28dba0d6b56ad1f1461a4d329e/qzvngju/"; http_uri; depth:42; isdataat:!1,relative; content:"zeniaxsolution.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291600/; classtype:trojan-activity;sid:81154700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2016/sites/17umqy-100-212753-rrkalzb-sagorp/"; http_uri; depth:45; isdataat:!1,relative; content:"a-tech.ac.th"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291599/; classtype:trojan-activity;sid:81154699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wr0pezn/scan/"; http_uri; depth:14; isdataat:!1,relative; content:"106.12.111.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291598/; classtype:trojan-activity;sid:81154698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qvvghvp5mtjb/dfua/"; http_uri; depth:19; isdataat:!1,relative; content:"senasba.gob.bo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291597/; classtype:trojan-activity;sid:81154697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/paclm/6h439fk-531759-599449-xdvebva5y-qnpku898/"; http_uri; depth:67; isdataat:!1,relative; content:"netyte.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291596/; classtype:trojan-activity;sid:81154696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"176.113.161.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291595/; classtype:trojan-activity;sid:81154695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w.txt"; http_uri; depth:6; isdataat:!1,relative; content:"103.64.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291594/; classtype:trojan-activity;sid:81154694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/91e2fca84a1703bcfb4cfe4e9d0c11b0/kafqpcm/"; http_uri; depth:42; isdataat:!1,relative; content:"fcnord17.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291593/; classtype:trojan-activity;sid:81154693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/statement/tn1kicqraj/"; http_uri; depth:31; isdataat:!1,relative; content:"sanritsudeco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291592/; classtype:trojan-activity;sid:81154692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/public/r965bn2p/"; http_uri; depth:21; isdataat:!1,relative; content:"ancientalienartifacts.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291591/; classtype:trojan-activity;sid:81154691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.221.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291590/; classtype:trojan-activity;sid:81154690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.243.177.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291587/; classtype:trojan-activity;sid:81154687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.99.19.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291586/; classtype:trojan-activity;sid:81154686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zlnl4e/pviep/"; http_uri; depth:14; isdataat:!1,relative; content:"media.najaminstitute.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291583/; classtype:trojan-activity;sid:81154683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/dxazwuq/8vtlr1-33217-374447-xpigciym4-4izo07/"; http_uri; depth:64; isdataat:!1,relative; content:"www.hbcncrepair.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291582/; classtype:trojan-activity;sid:81154682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter-uplqjsp7/invoice/po1l4bvt/0-62147-496610-tpadp-38m6ewno/"; http_uri; depth:68; isdataat:!1,relative; content:"www.thevapordistro.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291581/; classtype:trojan-activity;sid:81154681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gw5r30eh-ff4-027/"; http_uri; depth:30; isdataat:!1,relative; content:"ektisadona.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291580/; classtype:trojan-activity;sid:81154680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emailwishlist/doc/quw0vxo5in2/rnlowut-459047-8763-3cn8-1veo/"; http_uri; depth:61; isdataat:!1,relative; content:"www.lakshmichowkusa.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291579/; classtype:trojan-activity;sid:81154679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/u48ut/invoice/"; http_uri; depth:15; isdataat:!1,relative; content:"contebuy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291578/; classtype:trojan-activity;sid:81154678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/5yt-rk1z-853411/"; http_uri; depth:28; isdataat:!1,relative; content:"nguyenminhthong.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291577/; classtype:trojan-activity;sid:81154677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toibuxh6kg/docs/129w-9929058-61-03b89-zxr4rdl/"; http_uri; depth:47; isdataat:!1,relative; content:"speaklishworld.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291576/; classtype:trojan-activity;sid:81154676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/partner_out/vjrfrr/"; http_uri; depth:20; isdataat:!1,relative; content:"247legalservices.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291574/; classtype:trojan-activity;sid:81154674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/0w-84322552-06-5ss9ve8ku5o-7jfsj6b/"; http_uri; depth:48; isdataat:!1,relative; content:"after-party.000webhostapp.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291573/; classtype:trojan-activity;sid:81154673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/activate/payment/bsubb5lac2l/"; http_uri; depth:30; isdataat:!1,relative; content:"justinscolary.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291572/; classtype:trojan-activity;sid:81154672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/faliqx/qi/"; http_uri; depth:11; isdataat:!1,relative; content:"www.iamselorm.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291571/; classtype:trojan-activity;sid:81154671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/10r78m4g"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291570/; classtype:trojan-activity;sid:81154670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/documentation/m1d6rvwbu17v/agek-640-6400-fjna5r-6oyuievl/"; http_uri; depth:67; isdataat:!1,relative; content:"housepro.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291569/; classtype:trojan-activity;sid:81154669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/05746251/4-7438672626-62401065-yym4jf3-7wf3/"; http_uri; depth:56; isdataat:!1,relative; content:"taobaoraku.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291568/; classtype:trojan-activity;sid:81154668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dhbecyf/"; http_uri; depth:20; isdataat:!1,relative; content:"swwbia.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291567/; classtype:trojan-activity;sid:81154667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp2/esp/qddwujb/lvf-940-62-v7syiwb57-3tcvxu3uf2s/"; http_uri; depth:50; isdataat:!1,relative; content:"iloveto.dance"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291566/; classtype:trojan-activity;sid:81154666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cookietest/zcx-yt6-401637/"; http_uri; depth:27; isdataat:!1,relative; content:"banaderhotels.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291565/; classtype:trojan-activity;sid:81154665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config.smell/svdgah29/xwap8uzyp/"; http_uri; depth:33; isdataat:!1,relative; content:"jonesmemorialhomes.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291564/; classtype:trojan-activity;sid:81154664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter-5eglnz/wfvtxx8h8/"; http_uri; depth:29; isdataat:!1,relative; content:"leorich.com.tw"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291563/; classtype:trojan-activity;sid:81154663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.73.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291562/; classtype:trojan-activity;sid:81154662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.203.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291561/; classtype:trojan-activity;sid:81154661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291560/; classtype:trojan-activity;sid:81154660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291559/; classtype:trojan-activity;sid:81154659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291558/; classtype:trojan-activity;sid:81154658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.46.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291557/; classtype:trojan-activity;sid:81154657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291555/; classtype:trojan-activity;sid:81154655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.215.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291554/; classtype:trojan-activity;sid:81154654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.225.23.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291552/; classtype:trojan-activity;sid:81154652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9z55/payment/lxnia5u7e/evcze07-609912-438467-i217vb-95xys/"; http_uri; depth:59; isdataat:!1,relative; content:"orlandohoppers.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291551/; classtype:trojan-activity;sid:81154651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rpj22/zyfhplfli/"; http_uri; depth:18; isdataat:!1,relative; content:"www.sreekamakshisilks.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291550/; classtype:trojan-activity;sid:81154650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/"; http_uri; depth:17; isdataat:!1,relative; content:"quickwashing.cl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291549/; classtype:trojan-activity;sid:81154649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/disclosures/aq/"; http_uri; depth:16; isdataat:!1,relative; content:"lausinexamenes.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291548/; classtype:trojan-activity;sid:81154648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e2fe9dc0dd7e66786d7c899dbdc5b0cf/d5owvwr0/xms8lksf/"; http_uri; depth:52; isdataat:!1,relative; content:"www.elitecarerecruitment.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291547/; classtype:trojan-activity;sid:81154647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rtagc9dd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291546/; classtype:trojan-activity;sid:81154646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dcvhgfrt.exe"; http_uri; depth:13; isdataat:!1,relative; content:"yuidfgxcvbxc.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291545/; classtype:trojan-activity;sid:81154645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbchxvjk.exe"; http_uri; depth:13; isdataat:!1,relative; content:"yuidfgxcvbxc.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291544/; classtype:trojan-activity;sid:81154644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ndfghjkxcvcvbn.exe"; http_uri; depth:19; isdataat:!1,relative; content:"yuidfgxcvbxc.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291543/; classtype:trojan-activity;sid:81154643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jhq5ds/cdmpxj9rkdmir/"; http_uri; depth:22; isdataat:!1,relative; content:"itsweezle.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291542/; classtype:trojan-activity;sid:81154642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zwaen/"; http_uri; depth:16; isdataat:!1,relative; content:"www.ambiance-piscines.fr"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291541/; classtype:trojan-activity;sid:81154641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3tzlvg5z"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291539/; classtype:trojan-activity;sid:81154639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/45-99072-3819572-pwqdjb0f-ngv3/"; http_uri; depth:43; isdataat:!1,relative; content:"gsttutorial.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291538/; classtype:trojan-activity;sid:81154638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gt6-9y0k0-1733/"; http_uri; depth:25; isdataat:!1,relative; content:"admyinfo.000webhostapp.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291537/; classtype:trojan-activity;sid:81154637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inc/s1kp82-804395247-95086-efwf-9gbd/"; http_uri; depth:47; isdataat:!1,relative; content:"sgdwtoken.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291536/; classtype:trojan-activity;sid:81154636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/statement/"; http_uri; depth:22; isdataat:!1,relative; content:"www.akarosi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291535/; classtype:trojan-activity;sid:81154635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/azfj46tq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291534/; classtype:trojan-activity;sid:81154634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vx76zinm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291533/; classtype:trojan-activity;sid:81154633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dwp4g-t3wu-62/"; http_uri; depth:26; isdataat:!1,relative; content:"studiosetareh.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291532/; classtype:trojan-activity;sid:81154632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/llc/5lii7yud2b/"; http_uri; depth:20; isdataat:!1,relative; content:"www.transmac.com.mo"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291530/; classtype:trojan-activity;sid:81154630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kcb0skh-2j9c-624335/"; http_uri; depth:30; isdataat:!1,relative; content:"ies-cura-valera.000webhostapp.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291529/; classtype:trojan-activity;sid:81154629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/public/qt2rse6pg/b4ut-016421-14475282-15xd-hwrsa/"; http_uri; depth:63; isdataat:!1,relative; content:"www.openhouseinteriorsinc.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291528/; classtype:trojan-activity;sid:81154628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logreport/pnqcp/"; http_uri; depth:17; isdataat:!1,relative; content:"www.app48.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291527/; classtype:trojan-activity;sid:81154627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/swift/"; http_uri; depth:16; isdataat:!1,relative; content:"emerson-academy.2019.sites.air-rallies.org"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291526/; classtype:trojan-activity;sid:81154626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.58.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291525/; classtype:trojan-activity;sid:81154625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291524/; classtype:trojan-activity;sid:81154624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.91.94.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291523/; classtype:trojan-activity;sid:81154623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291520/; classtype:trojan-activity;sid:81154620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.73.63.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291519/; classtype:trojan-activity;sid:81154619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.153.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291517/; classtype:trojan-activity;sid:81154617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.5.187.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291516/; classtype:trojan-activity;sid:81154616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.93.94.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291514/; classtype:trojan-activity;sid:81154614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.153.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291512/; classtype:trojan-activity;sid:81154612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.220.182.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291511/; classtype:trojan-activity;sid:81154611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/milhvl6-09881311-82791243-2wi7t3z5-cz4pk5f4/"; http_uri; depth:62; isdataat:!1,relative; content:"shop-an-khang.000webhostapp.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291509/; classtype:trojan-activity;sid:81154609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/balance/vuwv69ilw/giye6e6-280351-167-d8q9jr7-k2zkzawcn/"; http_uri; depth:67; isdataat:!1,relative; content:"praxismall.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291508/; classtype:trojan-activity;sid:81154608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-contnts/iqf-q0-50/"; http_uri; depth:22; isdataat:!1,relative; content:"cha.6888ka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291507/; classtype:trojan-activity;sid:81154607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/overview/"; http_uri; depth:10; isdataat:!1,relative; content:"butterflyvfx.synergy-college.org"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291506/; classtype:trojan-activity;sid:81154606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/svlo396/"; http_uri; depth:21; isdataat:!1,relative; content:"devhelp.paskr.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291505/; classtype:trojan-activity;sid:81154605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tn/"; http_uri; depth:4; isdataat:!1,relative; content:"manager.paskr.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291504/; classtype:trojan-activity;sid:81154604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gdqig/"; http_uri; depth:19; isdataat:!1,relative; content:"help.paskr.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291503/; classtype:trojan-activity;sid:81154603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/0w071/"; http_uri; depth:18; isdataat:!1,relative; content:"inovacao.farmaciaartesanal.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291502/; classtype:trojan-activity;sid:81154602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sak/"; http_uri; depth:17; isdataat:!1,relative; content:"ga.neomeric.us"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291501/; classtype:trojan-activity;sid:81154601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/attachments/hb5071hkvnbt/"; http_uri; depth:35; isdataat:!1,relative; content:"elektrimo.000webhostapp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291500/; classtype:trojan-activity;sid:81154600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"117.241.250.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291496/; classtype:trojan-activity;sid:81154596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/reporting/y-91859-02991-lpmozv-dxbwh8/"; http_uri; depth:48; isdataat:!1,relative; content:"imurprint.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291490/; classtype:trojan-activity;sid:81154590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/swift/yctxdsc-51622695-9722635-bmf9clt-flco7bouo4/"; http_uri; depth:63; isdataat:!1,relative; content:"gediksaglik.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291484/; classtype:trojan-activity;sid:81154584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lnkvjs235jdhsed/ud-ixlry-45/"; http_uri; depth:29; isdataat:!1,relative; content:"www.bzhw.com.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291483/; classtype:trojan-activity;sid:81154583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/6a5c-343-99585-rp2x1-d8gl97ar/"; http_uri; depth:46; isdataat:!1,relative; content:"cg.hotwp.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291482/; classtype:trojan-activity;sid:81154582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/payment/paclm/"; http_uri; depth:15; isdataat:!1,relative; content:"nhavanggroup.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291481/; classtype:trojan-activity;sid:81154581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lnkvjs235jdhsed/paclm/8zcsprr/"; http_uri; depth:31; isdataat:!1,relative; content:"bzhw.com.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291480/; classtype:trojan-activity;sid:81154580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cupang/file/dh5d7h2d/p3-0183-496198569-f3g0-76lm/"; http_uri; depth:50; isdataat:!1,relative; content:"krones.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291479/; classtype:trojan-activity;sid:81154579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/home/xrzsfc-i9y-802/"; http_uri; depth:21; isdataat:!1,relative; content:"www.ayikibuilders.com.ng"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291478/; classtype:trojan-activity;sid:81154578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/attachments/lr3w-397-78701-qdhb7b-rsyl58l4c4/"; http_uri; depth:54; isdataat:!1,relative; content:"fdhk.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291477/; classtype:trojan-activity;sid:81154577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/"; http_uri; depth:17; isdataat:!1,relative; content:"blog.orig.xin"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291475/; classtype:trojan-activity;sid:81154575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291473/; classtype:trojan-activity;sid:81154573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291472/; classtype:trojan-activity;sid:81154572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.74.24.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291471/; classtype:trojan-activity;sid:81154571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.230.143.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291470/; classtype:trojan-activity;sid:81154570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.96.86.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291468/; classtype:trojan-activity;sid:81154568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291467/; classtype:trojan-activity;sid:81154567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.240.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291466/; classtype:trojan-activity;sid:81154566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.230.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291463/; classtype:trojan-activity;sid:81154563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291462/; classtype:trojan-activity;sid:81154562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.32.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291459/; classtype:trojan-activity;sid:81154559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rg/"; http_uri; depth:16; isdataat:!1,relative; content:"212.64.90.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291457/; classtype:trojan-activity;sid:81154557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-support/attachments/a67hg9ns/x9eq-5401-79080577-n6fxn-qalhad/"; http_uri; depth:65; isdataat:!1,relative; content:"24x7wpsupport.urdemo.website"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291456/; classtype:trojan-activity;sid:81154556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/overview/niysvoy/6v7y-5871820794-25-ohpsc-f691/"; http_uri; depth:57; isdataat:!1,relative; content:"167.172.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291455/; classtype:trojan-activity;sid:81154555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mgupp/htecmn/"; http_uri; depth:14; isdataat:!1,relative; content:"sportident.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291454/; classtype:trojan-activity;sid:81154554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/swift/lh5aouu/"; http_uri; depth:26; isdataat:!1,relative; content:"60.205.181.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291453/; classtype:trojan-activity;sid:81154553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/attachments/xjwlv3-21566843-122581-h9dmy-ezylial/"; http_uri; depth:61; isdataat:!1,relative; content:"35.184.191.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291452/; classtype:trojan-activity;sid:81154552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alfacgiapi/evjmijom/"; http_uri; depth:21; isdataat:!1,relative; content:"tdmekos.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291451/; classtype:trojan-activity;sid:81154551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/tmh/"; http_uri; depth:15; isdataat:!1,relative; content:"qyshudong.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291448/; classtype:trojan-activity;sid:81154548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/browse/7ozb0t9/q-57366865-60553791-04qf3gftus-21eo/"; http_uri; depth:57; isdataat:!1,relative; content:"alokfashiondhajawala.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291447/; classtype:trojan-activity;sid:81154547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c9hjbt90"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291446/; classtype:trojan-activity;sid:81154546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/etrac/qlm5dfgz/"; http_uri; depth:28; isdataat:!1,relative; content:"binhcp.tuanphanict.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291445/; classtype:trojan-activity;sid:81154545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/click/hfeyh/"; http_uri; depth:13; isdataat:!1,relative; content:"trekfocus.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291444/; classtype:trojan-activity;sid:81154544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mvbpmyq/inc/rqplvjjod/d6-34255-017342453-qj50y0q6bz-igo2g/"; http_uri; depth:59; isdataat:!1,relative; content:"159.65.156.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291443/; classtype:trojan-activity;sid:81154543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inc/i4cp6sny/d-3525751371-799080-awzoerest-wum84bn1r/"; http_uri; depth:63; isdataat:!1,relative; content:"arnavinteriors.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291442/; classtype:trojan-activity;sid:81154542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jkc7hp89"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291441/; classtype:trojan-activity;sid:81154541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/toc-rdcq-705/"; http_uri; depth:17; isdataat:!1,relative; content:"the-master.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291440/; classtype:trojan-activity;sid:81154540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/certificates/payment/4xz2l1t-05981-69152661-3dn225mnso-37110gjnwuz/"; http_uri; depth:80; isdataat:!1,relative; content:"cdn.timebuyer.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291439/; classtype:trojan-activity;sid:81154539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/statement/"; http_uri; depth:19; isdataat:!1,relative; content:"bkohindigovernmentcollege.ac.in"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291438/; classtype:trojan-activity;sid:81154538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.18.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291437/; classtype:trojan-activity;sid:81154537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291435/; classtype:trojan-activity;sid:81154535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291434/; classtype:trojan-activity;sid:81154534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291430/; classtype:trojan-activity;sid:81154530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/report/"; http_uri; depth:19; isdataat:!1,relative; content:"101.132.182.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291428/; classtype:trojan-activity;sid:81154528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/f4p4xrdr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291427/; classtype:trojan-activity;sid:81154527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pakeu8sw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291426/; classtype:trojan-activity;sid:81154526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/cs3w34-8254802951-471-o693g1go48w-bprg04j8p1w/"; http_uri; depth:62; isdataat:!1,relative; content:"energy-journals.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291425/; classtype:trojan-activity;sid:81154525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/0spnrm/"; http_uri; depth:23; isdataat:!1,relative; content:"elysianbooth.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291423/; classtype:trojan-activity;sid:81154523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cgh62t6r"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291422/; classtype:trojan-activity;sid:81154522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yyfuazhm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291421/; classtype:trojan-activity;sid:81154521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/postnewl/statement/c2a-8790-819-uooxbq4-th039wweeua/"; http_uri; depth:53; isdataat:!1,relative; content:"digiadviser.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291420/; classtype:trojan-activity;sid:81154520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/clickandbuilds/parts_service/"; http_uri; depth:30; isdataat:!1,relative; content:"hecquet.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291418/; classtype:trojan-activity;sid:81154518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/36gwwhzl"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291417/; classtype:trojan-activity;sid:81154517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/inc/p8iv2luo/59g37uc-626985-642-glbmt47-fi9nh/"; http_uri; depth:51; isdataat:!1,relative; content:"essah.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291416/; classtype:trojan-activity;sid:81154516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal-resource/open-area/t9ig916f1uwqx-u6514/"; http_uri; depth:58; isdataat:!1,relative; content:"activatemagicsjacks.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291414/; classtype:trojan-activity;sid:81154514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web_map/etrac/ywiwrc4-819138279-16923244-fpjb4v7kadg-ivrogt8/"; http_uri; depth:62; isdataat:!1,relative; content:"indonissin.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291413/; classtype:trojan-activity;sid:81154513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gnvnr0/"; http_uri; depth:20; isdataat:!1,relative; content:"huaxia.edu.my"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291412/; classtype:trojan-activity;sid:81154512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.253.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291411/; classtype:trojan-activity;sid:81154511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291410/; classtype:trojan-activity;sid:81154510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.148.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291402/; classtype:trojan-activity;sid:81154502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/correo/8813695086212284/"; http_uri; depth:25; isdataat:!1,relative; content:"isague.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291400/; classtype:trojan-activity;sid:81154500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/esp/2gh6r6x-8247870354-6413627-2fdbv-2zd73s/"; http_uri; depth:53; isdataat:!1,relative; content:"buypasses.co"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291399/; classtype:trojan-activity;sid:81154499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/j8ikmq/scan/qhjoih3gxgdg/"; http_uri; depth:26; isdataat:!1,relative; content:"47.98.138.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291398/; classtype:trojan-activity;sid:81154498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/etrac/"; http_uri; depth:19; isdataat:!1,relative; content:"ikmapisi.pps-pgra.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291397/; classtype:trojan-activity;sid:81154497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/scan/maqqg3qoc/"; http_uri; depth:28; isdataat:!1,relative; content:"ikmapisi.pps-pgra.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291396/; classtype:trojan-activity;sid:81154496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/invoice/htzt7b/3pcf6b5-947705222-02516413-8jb3x-8rjdgmfav6/"; http_uri; depth:69; isdataat:!1,relative; content:"mycustomtests.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291395/; classtype:trojan-activity;sid:81154495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/doc/"; http_uri; depth:9; isdataat:!1,relative; content:"listadeactividades.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291394/; classtype:trojan-activity;sid:81154494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/qaf9gfzuntl8/"; http_uri; depth:37; isdataat:!1,relative; content:"fxkoppa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291393/; classtype:trojan-activity;sid:81154493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/documentation/0a785u41qc/"; http_uri; depth:35; isdataat:!1,relative; content:"publicidadeinove-com.umbler.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291391/; classtype:trojan-activity;sid:81154491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/qh44ll/"; http_uri; depth:23; isdataat:!1,relative; content:"shacked.webdepot.co.il"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291390/; classtype:trojan-activity;sid:81154490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291387/; classtype:trojan-activity;sid:81154487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.96.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291384/; classtype:trojan-activity;sid:81154484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/swift/1oaspwpe4r/"; http_uri; depth:27; isdataat:!1,relative; content:"t2.webtilia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291381/; classtype:trojan-activity;sid:81154481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/7o8-74362-03718164-dcl0-ckxl9xvkvt99/"; http_uri; depth:51; isdataat:!1,relative; content:"sport.ose.co.tz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291380/; classtype:trojan-activity;sid:81154480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/hzv4v7-855-1188-y244-rxvi/"; http_uri; depth:42; isdataat:!1,relative; content:"nofile.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291379/; classtype:trojan-activity;sid:81154479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4k4t2zs/ubpfy-5oli-4934/"; http_uri; depth:25; isdataat:!1,relative; content:"wtc-chandigarh.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291378/; classtype:trojan-activity;sid:81154478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/attachments/"; http_uri; depth:22; isdataat:!1,relative; content:"web.hfsistemas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291377/; classtype:trojan-activity;sid:81154477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/tbuun/"; http_uri; depth:18; isdataat:!1,relative; content:"www.1v12.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291376/; classtype:trojan-activity;sid:81154476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/0o1sn4xaeqp/y2qrkk-592-938-p39k0hq-bi7qe437m/"; http_uri; depth:60; isdataat:!1,relative; content:"royalcloudsoftware.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291375/; classtype:trojan-activity;sid:81154475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i924a/o9a-jc3-10/"; http_uri; depth:18; isdataat:!1,relative; content:"mail.growmatrics.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291374/; classtype:trojan-activity;sid:81154474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/keoa2oi8ijwe/af76csf-183-4925203-dmnb1q7-3wtnp7sge/"; http_uri; depth:63; isdataat:!1,relative; content:"mymoments.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291373/; classtype:trojan-activity;sid:81154473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/k-9208121902-2782836-noqxd703xoj-ytqrzujzfto/"; http_uri; depth:65; isdataat:!1,relative; content:"www.huifande.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291372/; classtype:trojan-activity;sid:81154472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/dhw/"; http_uri; depth:13; isdataat:!1,relative; content:"data4u.kay-tech.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291371/; classtype:trojan-activity;sid:81154471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/lbt9fa9/"; http_uri; depth:25; isdataat:!1,relative; content:"willowgrovesupply.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291370/; classtype:trojan-activity;sid:81154470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291368/; classtype:trojan-activity;sid:81154468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.231.215.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291366/; classtype:trojan-activity;sid:81154466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/scan/9htxj-6009239-230250-ih9ozpx3u4v-io5l4m8k8l/"; http_uri; depth:62; isdataat:!1,relative; content:"xn--h1adekuf0eb.xn--p1ai"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291361/; classtype:trojan-activity;sid:81154461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ycidfbuhr/"; http_uri; depth:18; isdataat:!1,relative; content:"myestate.kay-tech.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291360/; classtype:trojan-activity;sid:81154460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/etrac/5q1fnu0/7-23026-587540832-ikfw-tnlob5wsge/"; http_uri; depth:60; isdataat:!1,relative; content:"kay-tech.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291359/; classtype:trojan-activity;sid:81154459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/b4iosplm4e/r5fh85-3015090211-832180-rf5b-khaukq3lc7/"; http_uri; depth:70; isdataat:!1,relative; content:"youngparentforum.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291358/; classtype:trojan-activity;sid:81154458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/public/"; http_uri; depth:16; isdataat:!1,relative; content:"hh.kay-tech.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291357/; classtype:trojan-activity;sid:81154457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/x9j03girvh/i0k8fv-435630742-667651-g926hcre-bus7olzso/"; http_uri; depth:67; isdataat:!1,relative; content:"college.kay-tech.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291356/; classtype:trojan-activity;sid:81154456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/iuzymw-x8dlb-00/"; http_uri; depth:29; isdataat:!1,relative; content:"autic.vn"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291355/; classtype:trojan-activity;sid:81154455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/doc/18e-428-0519-r3tpbsyt-q2m3s3b8zm/"; http_uri; depth:46; isdataat:!1,relative; content:"rudoacapellazambia.kay-tech.info"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291354/; classtype:trojan-activity;sid:81154454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/esp/8u2m137hw9/0xbmlse-7955-233965780-r47t-30ynpezpw/"; http_uri; depth:62; isdataat:!1,relative; content:"woodlandsconference.kay-tech.info"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291353/; classtype:trojan-activity;sid:81154453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/terml/fedjwrtns/"; http_uri; depth:17; isdataat:!1,relative; content:"www.studion.id"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291352/; classtype:trojan-activity;sid:81154452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/"; http_uri; depth:17; isdataat:!1,relative; content:"school.kay-tech.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291351/; classtype:trojan-activity;sid:81154451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/payment/ml3ysqs7b48/"; http_uri; depth:29; isdataat:!1,relative; content:"faceonline.kay-tech.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291350/; classtype:trojan-activity;sid:81154450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wuk/"; http_uri; depth:16; isdataat:!1,relative; content:"cosmotrendz.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291347/; classtype:trojan-activity;sid:81154447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/browse/u1ya4ugsxs/"; http_uri; depth:31; isdataat:!1,relative; content:"autic.vn"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291346/; classtype:trojan-activity;sid:81154446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/esp/q5nv8u88egr/r9i69-849334-864802-5zzp-xcvcp6bd/"; http_uri; depth:51; isdataat:!1,relative; content:"bientanlenze.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291345/; classtype:trojan-activity;sid:81154445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291343/; classtype:trojan-activity;sid:81154443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.162.181.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291341/; classtype:trojan-activity;sid:81154441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291336/; classtype:trojan-activity;sid:81154436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291334/; classtype:trojan-activity;sid:81154434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291333/; classtype:trojan-activity;sid:81154433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/q/"; http_uri; depth:11; isdataat:!1,relative; content:"www.cometprint.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291332/; classtype:trojan-activity;sid:81154432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/r83g9/"; http_uri; depth:16; isdataat:!1,relative; content:"www.bluedream.al"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_18; reference:url, urlhaus.abuse.ch/url/291331/; classtype:trojan-activity;sid:81154431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zvbsd/9-34543442-0578387-y4re-ezmtqapd/"; http_uri; depth:40; isdataat:!1,relative; content:"ragaprotein.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291330/; classtype:trojan-activity;sid:81154430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/statement/9wrg0f-583355-182-782tt7-o2idqkei87e/"; http_uri; depth:59; isdataat:!1,relative; content:"unlockbulgaria.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291329/; classtype:trojan-activity;sid:81154429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qckinwj/"; http_uri; depth:20; isdataat:!1,relative; content:"unlockbulgaria.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291328/; classtype:trojan-activity;sid:81154428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/t848nwr5-sg-1685/"; http_uri; depth:27; isdataat:!1,relative; content:"www.espace-vert.sdcrea.fr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291327/; classtype:trojan-activity;sid:81154427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sites/dj19fpc300/"; http_uri; depth:18; isdataat:!1,relative; content:"a2zcarsales.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291326/; classtype:trojan-activity;sid:81154426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/"; http_uri; depth:16; isdataat:!1,relative; content:"gunanenadiriya.lk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291325/; classtype:trojan-activity;sid:81154425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/allimg/95g4h1-ww-30/"; http_uri; depth:21; isdataat:!1,relative; content:"aparato.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291324/; classtype:trojan-activity;sid:81154424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/qaapdk-009-8753-st3ku-zy5zi8kp/"; http_uri; depth:49; isdataat:!1,relative; content:"paytowrite.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291323/; classtype:trojan-activity;sid:81154423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/swift/kc09u9zmcpb7/"; http_uri; depth:29; isdataat:!1,relative; content:"indusfab.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291322/; classtype:trojan-activity;sid:81154422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dcofq/"; http_uri; depth:18; isdataat:!1,relative; content:"fe.unismuhluwuk.ac.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291321/; classtype:trojan-activity;sid:81154421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/"; http_uri; depth:21; isdataat:!1,relative; content:"www.new.autorich.in.ua"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291320/; classtype:trojan-activity;sid:81154420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/9aq227j-bj0g-90/"; http_uri; depth:26; isdataat:!1,relative; content:"www.qmh333.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291319/; classtype:trojan-activity;sid:81154419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/o4auxfc03/w2tpg9r-020150-9382-d9xjav4mgfv-5cao/"; http_uri; depth:65; isdataat:!1,relative; content:"ecuatecnikos.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291318/; classtype:trojan-activity;sid:81154418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vwt-l4-68734/"; http_uri; depth:23; isdataat:!1,relative; content:"activatemagicsjacks.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291317/; classtype:trojan-activity;sid:81154417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.159.207.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291316/; classtype:trojan-activity;sid:81154416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.95.244.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291315/; classtype:trojan-activity;sid:81154415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291314/; classtype:trojan-activity;sid:81154414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.174.156.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291313/; classtype:trojan-activity;sid:81154413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.32.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291312/; classtype:trojan-activity;sid:81154412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.169.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291311/; classtype:trojan-activity;sid:81154411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.183.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291310/; classtype:trojan-activity;sid:81154410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.26.160.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291309/; classtype:trojan-activity;sid:81154409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291308/; classtype:trojan-activity;sid:81154408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291307/; classtype:trojan-activity;sid:81154407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291306/; classtype:trojan-activity;sid:81154406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291305/; classtype:trojan-activity;sid:81154405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.79.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291304/; classtype:trojan-activity;sid:81154404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cespcno-64317-240347843-ocrxb5czd-k8tjn9/"; http_uri; depth:51; isdataat:!1,relative; content:"globalexpert.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291303/; classtype:trojan-activity;sid:81154403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/statement/"; http_uri; depth:23; isdataat:!1,relative; content:"trafs.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291302/; classtype:trojan-activity;sid:81154402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aok/ipjzkpa/"; http_uri; depth:13; isdataat:!1,relative; content:"veccino56.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291301/; classtype:trojan-activity;sid:81154401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/documentation/s79wt-68001-60-m1nk7dvyab-ndugn1px/"; http_uri; depth:69; isdataat:!1,relative; content:"www.diseniares.com.ar"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291300/; classtype:trojan-activity;sid:81154400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/balance/om34agmbv/"; http_uri; depth:28; isdataat:!1,relative; content:"www.fappictures.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291299/; classtype:trojan-activity;sid:81154399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/appserv/paclm/aebj2s/dcw7ups-44262555-768554664-3jey0-mtx2znu9j/"; http_uri; depth:65; isdataat:!1,relative; content:"audio.lapcc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291298/; classtype:trojan-activity;sid:81154398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/1374xv/"; http_uri; depth:17; isdataat:!1,relative; content:"mojehaftom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291297/; classtype:trojan-activity;sid:81154397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ddy/"; http_uri; depth:17; isdataat:!1,relative; content:"www.mjmechanical.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291296/; classtype:trojan-activity;sid:81154396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/k1a/"; http_uri; depth:14; isdataat:!1,relative; content:"sfmac.biz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291295/; classtype:trojan-activity;sid:81154395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/qdq/"; http_uri; depth:24; isdataat:!1,relative; content:"myphamthanhbinh.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291294/; classtype:trojan-activity;sid:81154394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mp3/18ox6h/"; http_uri; depth:12; isdataat:!1,relative; content:"adykurniawan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291293/; classtype:trojan-activity;sid:81154393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/42-94b-2635/"; http_uri; depth:24; isdataat:!1,relative; content:"pabbynewslivegh.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291292/; classtype:trojan-activity;sid:81154392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cdn/scan/3nc7vnn-858759687-97668601-rj7p5vqste-1g5fsp1i/"; http_uri; depth:57; isdataat:!1,relative; content:"onlinepeliculas.tv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291291/; classtype:trojan-activity;sid:81154391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ucip/"; http_uri; depth:15; isdataat:!1,relative; content:"elektrik51.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291290/; classtype:trojan-activity;sid:81154390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/g2b8/jh1nmml8/"; http_uri; depth:15; isdataat:!1,relative; content:"pudehaichuang.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291289/; classtype:trojan-activity;sid:81154389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"99.112.172.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291288/; classtype:trojan-activity;sid:81154388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hvn/invoice/46u8lv-05932-47715-216740-jrpawuanr/"; http_uri; depth:49; isdataat:!1,relative; content:"kulshai.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291287/; classtype:trojan-activity;sid:81154387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/w-558010-78315-w1ooj3zy6-osxqyuse99/"; http_uri; depth:54; isdataat:!1,relative; content:"www.boutiquelive.fr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291286/; classtype:trojan-activity;sid:81154386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gl3g-d1-225032/"; http_uri; depth:25; isdataat:!1,relative; content:"www.shaagon.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291285/; classtype:trojan-activity;sid:81154385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/paclm/"; http_uri; depth:17; isdataat:!1,relative; content:"www.aucloud.club"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291284/; classtype:trojan-activity;sid:81154384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/6mf9fmo-708840-22-3nt39dqa8d-1i9tw7cobgo/"; http_uri; depth:58; isdataat:!1,relative; content:"wasino.co.th"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291283/; classtype:trojan-activity;sid:81154383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/t8z8q0r-onbv-125/"; http_uri; depth:37; isdataat:!1,relative; content:"www.marketseg.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291282/; classtype:trojan-activity;sid:81154382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.45.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291281/; classtype:trojan-activity;sid:81154381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291280/; classtype:trojan-activity;sid:81154380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291279/; classtype:trojan-activity;sid:81154379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291278/; classtype:trojan-activity;sid:81154378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291277/; classtype:trojan-activity;sid:81154377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.19.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291276/; classtype:trojan-activity;sid:81154376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291275/; classtype:trojan-activity;sid:81154375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.155.75.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291274/; classtype:trojan-activity;sid:81154374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.34.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291273/; classtype:trojan-activity;sid:81154373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.195.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291272/; classtype:trojan-activity;sid:81154372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.250.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291271/; classtype:trojan-activity;sid:81154371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.46.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291270/; classtype:trojan-activity;sid:81154370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.75.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291269/; classtype:trojan-activity;sid:81154369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.128.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291268/; classtype:trojan-activity;sid:81154368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.149.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291267/; classtype:trojan-activity;sid:81154367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291266/; classtype:trojan-activity;sid:81154366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.77.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291265/; classtype:trojan-activity;sid:81154365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/21z1e00/po5n1t-4889011914-2119483-b0eo63tng-ha5mdl3ty16/"; http_uri; depth:76; isdataat:!1,relative; content:"www.yakuplucilingir.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291264/; classtype:trojan-activity;sid:81154364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/iyka2it9/d1o5nsz-8211219-08469335-z76j0-t6w3jzjbu2w/"; http_uri; depth:67; isdataat:!1,relative; content:"www.yakuplucilingir.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291263/; classtype:trojan-activity;sid:81154363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lhcvqsr/"; http_uri; depth:21; isdataat:!1,relative; content:"khanhbuiads.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291262/; classtype:trojan-activity;sid:81154362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/report/46u8lve0hbh/08-0759927549-5941-3zv9icudp48-yxiwn/"; http_uri; depth:66; isdataat:!1,relative; content:"yakuplucilingir.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291261/; classtype:trojan-activity;sid:81154361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cartoes-pay/browse/03y3jd41y03a/"; http_uri; depth:33; isdataat:!1,relative; content:"www.autopass.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291260/; classtype:trojan-activity;sid:81154360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/back-up/ijf/"; http_uri; depth:13; isdataat:!1,relative; content:"picrayscaricature.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291259/; classtype:trojan-activity;sid:81154359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jk/swift/qbxji8/6md-50486568-95566040-9u9y3uwj-h1hqo3/"; http_uri; depth:55; isdataat:!1,relative; content:"paginas.constructorajksalcedo.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291258/; classtype:trojan-activity;sid:81154358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mmth4/statement/50t0202d6ot/go2-83785-009-ogv8-73ui/"; http_uri; depth:53; isdataat:!1,relative; content:"honamcharity.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291257/; classtype:trojan-activity;sid:81154357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/exfrrwdza/"; http_uri; depth:16; isdataat:!1,relative; content:"moleculelabs.co.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291256/; classtype:trojan-activity;sid:81154356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/fc9-nq27q-834358/"; http_uri; depth:30; isdataat:!1,relative; content:"thedot.vn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291255/; classtype:trojan-activity;sid:81154355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/docs/xy8-2166019318-28898-cxmyk0-m66kv7q/"; http_uri; depth:51; isdataat:!1,relative; content:"trinity.com.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291254/; classtype:trojan-activity;sid:81154354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/public/v3faye-363391924-34-mmvdai8-8kn425ugy3ft/"; http_uri; depth:68; isdataat:!1,relative; content:"wefixit-lb.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291253/; classtype:trojan-activity;sid:81154353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0ebt729lerf/"; http_uri; depth:22; isdataat:!1,relative; content:"www.youthplant.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291252/; classtype:trojan-activity;sid:81154352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0krm7qbj-4m-093332/"; http_uri; depth:29; isdataat:!1,relative; content:"triseoso1.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291251/; classtype:trojan-activity;sid:81154351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/public/"; http_uri; depth:20; isdataat:!1,relative; content:"nguyendinhhieu.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291250/; classtype:trojan-activity;sid:81154350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.240.197.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291249/; classtype:trojan-activity;sid:81154349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.147.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291248/; classtype:trojan-activity;sid:81154348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.42.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291247/; classtype:trojan-activity;sid:81154347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.40.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291246/; classtype:trojan-activity;sid:81154346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.80.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291245/; classtype:trojan-activity;sid:81154345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291244/; classtype:trojan-activity;sid:81154344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291243/; classtype:trojan-activity;sid:81154343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.94.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291242/; classtype:trojan-activity;sid:81154342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291241/; classtype:trojan-activity;sid:81154341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.60.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291240/; classtype:trojan-activity;sid:81154340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291239/; classtype:trojan-activity;sid:81154339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291238/; classtype:trojan-activity;sid:81154338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291237/; classtype:trojan-activity;sid:81154337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.58.81.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291236/; classtype:trojan-activity;sid:81154336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.233.83.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291235/; classtype:trojan-activity;sid:81154335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.110.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291234/; classtype:trojan-activity;sid:81154334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/pimhi5v0376d/"; http_uri; depth:35; isdataat:!1,relative; content:"mayxaydunghongha.com.vn"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291233/; classtype:trojan-activity;sid:81154333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/hl5v-8lfqf-0881/"; http_uri; depth:31; isdataat:!1,relative; content:"upstart.ru.ac.za"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291232/; classtype:trojan-activity;sid:81154332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/7tqgs2cr9h/"; http_uri; depth:31; isdataat:!1,relative; content:"rezaazizi.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291231/; classtype:trojan-activity;sid:81154331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uapalv-r1ik-379233/"; http_uri; depth:31; isdataat:!1,relative; content:"app.trafficivy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291230/; classtype:trojan-activity;sid:81154330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oct/"; http_uri; depth:14; isdataat:!1,relative; content:"topbut.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291229/; classtype:trojan-activity;sid:81154329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/q2s9vutz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291228/; classtype:trojan-activity;sid:81154328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/uolhmm/rbk2w3r-8813-335449226-jlh5qgo86c1-ntz3/"; http_uri; depth:64; isdataat:!1,relative; content:"www.oyunw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291227/; classtype:trojan-activity;sid:81154327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/661324961083949079/666790222515666974/bank_details.img"; http_uri; depth:67; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291226/; classtype:trojan-activity;sid:81154326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/singapore/documentation/j-896806265-07880-ew1hxo1ndu0-w5u6dw6oqks/"; http_uri; depth:67; isdataat:!1,relative; content:"www.thefoodco.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291225/; classtype:trojan-activity;sid:81154325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/4ltem2-c22a4-58173/"; http_uri; depth:31; isdataat:!1,relative; content:"demo.wpscope.tv"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291224/; classtype:trojan-activity;sid:81154324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vzfhoh/"; http_uri; depth:17; isdataat:!1,relative; content:"www.dev.internetmarketingtypes.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291223/; classtype:trojan-activity;sid:81154323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/mddpuw0n-j5oi-198985/"; http_uri; depth:30; isdataat:!1,relative; content:"disnakkan.blitarkab.go.id"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291222/; classtype:trojan-activity;sid:81154322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291221/; classtype:trojan-activity;sid:81154321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291220/; classtype:trojan-activity;sid:81154320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291219/; classtype:trojan-activity;sid:81154319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/attachments/glvsxe-8740-0649459-pecpthwohp-zh09/"; http_uri; depth:58; isdataat:!1,relative; content:"bdsnhontrach.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291218/; classtype:trojan-activity;sid:81154318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/yuu86u/d-30331402-76025425-lszysm-fbd61x8ttaj8/"; http_uri; depth:62; isdataat:!1,relative; content:"complementum.biz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291217/; classtype:trojan-activity;sid:81154317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291216/; classtype:trojan-activity;sid:81154316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/irf54zx-f2ac-84686/"; http_uri; depth:31; isdataat:!1,relative; content:"elliteempregos.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291215/; classtype:trojan-activity;sid:81154315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.229.147.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291214/; classtype:trojan-activity;sid:81154314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.193.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291213/; classtype:trojan-activity;sid:81154313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.151.202.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291212/; classtype:trojan-activity;sid:81154312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291211/; classtype:trojan-activity;sid:81154311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.156.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291210/; classtype:trojan-activity;sid:81154310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291209/; classtype:trojan-activity;sid:81154309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.100.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291208/; classtype:trojan-activity;sid:81154308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.123.25.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291207/; classtype:trojan-activity;sid:81154307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.35.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291206/; classtype:trojan-activity;sid:81154306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oct/150n218/"; http_uri; depth:22; isdataat:!1,relative; content:"demo.stickypost.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291205/; classtype:trojan-activity;sid:81154305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/public/"; http_uri; depth:19; isdataat:!1,relative; content:"givemeblood.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291204/; classtype:trojan-activity;sid:81154304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/events/8htpcw-pfo-3150/"; http_uri; depth:24; isdataat:!1,relative; content:"womenhealth.aureliusconferences.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291203/; classtype:trojan-activity;sid:81154303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/esp/"; http_uri; depth:14; isdataat:!1,relative; content:"asiantechnology.com.hk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291202/; classtype:trojan-activity;sid:81154302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cache/22330054324/vfskk0hy8/"; http_uri; depth:29; isdataat:!1,relative; content:"sxm.holidayrental.okaseo.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291201/; classtype:trojan-activity;sid:81154301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/cjny/"; http_uri; depth:18; isdataat:!1,relative; content:"azzatravels.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291200/; classtype:trojan-activity;sid:81154300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/aggrp2crnz-nt74vk3f-91560/"; http_uri; depth:36; isdataat:!1,relative; content:"mcuong.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291199/; classtype:trojan-activity;sid:81154299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/hjjz1r5p-5n7mea41-7609513198/"; http_uri; depth:38; isdataat:!1,relative; content:"neproperty.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291198/; classtype:trojan-activity;sid:81154298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pts/ys8cwojcvc-k1ks0vpkk9-3619095223/"; http_uri; depth:38; isdataat:!1,relative; content:"parentingtopsecrets.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291197/; classtype:trojan-activity;sid:81154297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vdgenx/"; http_uri; depth:19; isdataat:!1,relative; content:"koddata.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291196/; classtype:trojan-activity;sid:81154296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cache/12zl5o-duttqzih2-31839309/"; http_uri; depth:33; isdataat:!1,relative; content:"okaseo.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291195/; classtype:trojan-activity;sid:81154295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/file/925zh6753jv6/"; http_uri; depth:27; isdataat:!1,relative; content:"www.blog.loanwalle.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291194/; classtype:trojan-activity;sid:81154294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/2en8-2qmi-5826/"; http_uri; depth:26; isdataat:!1,relative; content:"senolaysrc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291193/; classtype:trojan-activity;sid:81154293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/balance/exjpxh1bzvv/fnv2aa-22522-1347-qmeeuh98g5-001rcw2i/"; http_uri; depth:68; isdataat:!1,relative; content:"floridakeysdocks.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291192/; classtype:trojan-activity;sid:81154292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ygm3tazl"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291191/; classtype:trojan-activity;sid:81154291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/2m9z65cjj3/t1v-902-3076218-k8cuv9-caggpmfh/"; http_uri; depth:56; isdataat:!1,relative; content:"floridakeysdocks.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291190/; classtype:trojan-activity;sid:81154290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/divbf-o8p-9766/"; http_uri; depth:24; isdataat:!1,relative; content:"westbengal.nirbhaymedia.in"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291189/; classtype:trojan-activity;sid:81154289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/yysn5-130737-9201067-melm80sxj-72bezyorg7/"; http_uri; depth:58; isdataat:!1,relative; content:"membros.rendaprevi.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291188/; classtype:trojan-activity;sid:81154288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rn2k/"; http_uri; depth:15; isdataat:!1,relative; content:"blog.50cms.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291187/; classtype:trojan-activity;sid:81154287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/addons/jmvvhuns/"; http_uri; depth:17; isdataat:!1,relative; content:"wqapp.50cms.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291186/; classtype:trojan-activity;sid:81154286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gf7wb/"; http_uri; depth:18; isdataat:!1,relative; content:"help.jasaconnect.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291185/; classtype:trojan-activity;sid:81154285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/m0l/"; http_uri; depth:14; isdataat:!1,relative; content:"txblog.50cms.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291184/; classtype:trojan-activity;sid:81154284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gu/"; http_uri; depth:13; isdataat:!1,relative; content:"www.aoobee.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291183/; classtype:trojan-activity;sid:81154283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/awstats-icon/esp/wldc0pcx/168f-742170-36-jqab6s10wg-c5maqsm4f/"; http_uri; depth:63; isdataat:!1,relative; content:"jamilabyraies.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291182/; classtype:trojan-activity;sid:81154282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/nviwtd/"; http_uri; depth:12; isdataat:!1,relative; content:"status.mrddy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291181/; classtype:trojan-activity;sid:81154281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/llc/"; http_uri; depth:16; isdataat:!1,relative; content:"www.pws.bz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291180/; classtype:trojan-activity;sid:81154280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/invoice/t643b2/"; http_uri; depth:25; isdataat:!1,relative; content:"mcalbertoxd.000webhostapp.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291179/; classtype:trojan-activity;sid:81154279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/balance/e918r2r/"; http_uri; depth:29; isdataat:!1,relative; content:"www.aquos-sunbeauty.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291178/; classtype:trojan-activity;sid:81154278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/dj8-d0n-77/"; http_uri; depth:16; isdataat:!1,relative; content:"status.mrddy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291177/; classtype:trojan-activity;sid:81154277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/public/"; http_uri; depth:20; isdataat:!1,relative; content:"www.dresslifes.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291176/; classtype:trojan-activity;sid:81154276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291175/; classtype:trojan-activity;sid:81154275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291174/; classtype:trojan-activity;sid:81154274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291173/; classtype:trojan-activity;sid:81154273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291172/; classtype:trojan-activity;sid:81154272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.123.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291171/; classtype:trojan-activity;sid:81154271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.46.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291170/; classtype:trojan-activity;sid:81154270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.36.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291169/; classtype:trojan-activity;sid:81154269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/statement/"; http_uri; depth:22; isdataat:!1,relative; content:"sharevission.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291168/; classtype:trojan-activity;sid:81154268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pdlzlrcy/"; http_uri; depth:19; isdataat:!1,relative; content:"masputra.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291167/; classtype:trojan-activity;sid:81154267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"141.226.94.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291166/; classtype:trojan-activity;sid:81154266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.66.108.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291165/; classtype:trojan-activity;sid:81154265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/r49led0454/cuey5jm-7404-9065188-webo1huom7v-1cle3l/"; http_uri; depth:70; isdataat:!1,relative; content:"edufoxconsultancy.000webhostapp.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291164/; classtype:trojan-activity;sid:81154264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/documentation/r-237407240-33542594-2yn1kereb-5264jl7jzu/"; http_uri; depth:62; isdataat:!1,relative; content:"jack8.tk"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291163/; classtype:trojan-activity;sid:81154263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/node_modules/yghwv/"; http_uri; depth:20; isdataat:!1,relative; content:"keshavalur.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291162/; classtype:trojan-activity;sid:81154262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3308"; http_uri; depth:5; isdataat:!1,relative; content:"104.148.19.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291161/; classtype:trojan-activity;sid:81154261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/reporting/"; http_uri; depth:20; isdataat:!1,relative; content:"tienda-bombillo.000webhostapp.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291160/; classtype:trojan-activity;sid:81154260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/zjxnv-2l-414945/"; http_uri; depth:30; isdataat:!1,relative; content:"nhakhoaocare.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291159/; classtype:trojan-activity;sid:81154259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i/invoice/5-0060435295-597831-ir215d5bst4-aabsuoaq0b/"; http_uri; depth:54; isdataat:!1,relative; content:"iqmailiq.000webhostapp.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291158/; classtype:trojan-activity;sid:81154258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/oct/efkw-2422-04-x8uyx8z-gas86jio2q/"; http_uri; depth:44; isdataat:!1,relative; content:"gurukool.tech"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291157/; classtype:trojan-activity;sid:81154257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ukm-pmxs6-1998/"; http_uri; depth:25; isdataat:!1,relative; content:"sokrit-mb-app.freelancekh.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291156/; classtype:trojan-activity;sid:81154256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/report/5vy60rtog3/"; http_uri; depth:31; isdataat:!1,relative; content:"safexstreet.tec1m.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291155/; classtype:trojan-activity;sid:81154255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/ubr/"; http_uri; depth:29; isdataat:!1,relative; content:"dieukhiendieuhoa.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291154/; classtype:trojan-activity;sid:81154254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/do2l9oe8zx/"; http_uri; depth:27; isdataat:!1,relative; content:"expresi.club"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291153/; classtype:trojan-activity;sid:81154253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/report/"; http_uri; depth:19; isdataat:!1,relative; content:"baohoviendong.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291152/; classtype:trojan-activity;sid:81154252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vv2fdxa3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291151/; classtype:trojan-activity;sid:81154251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/hgjz-91329-45-8m25fg862-2brwadkbvuot/"; http_uri; depth:61; isdataat:!1,relative; content:"htatuz.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291150/; classtype:trojan-activity;sid:81154250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dc1-aimc2-001977/"; http_uri; depth:29; isdataat:!1,relative; content:"vexacom.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291149/; classtype:trojan-activity;sid:81154249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/rdug4h9/129d0k-6325388840-333-t9tvr8eq21-zlr3wk/"; http_uri; depth:62; isdataat:!1,relative; content:"www.drsudhirhebbar.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291148/; classtype:trojan-activity;sid:81154248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/zoaoxtg9rchi/o-79307-189455-pca0q19jlea-ayuoxeq4k/"; http_uri; depth:67; isdataat:!1,relative; content:"rcdod.rtyva.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291147/; classtype:trojan-activity;sid:81154247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ulg/"; http_uri; depth:16; isdataat:!1,relative; content:"jet2.didev.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291146/; classtype:trojan-activity;sid:81154246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291145/; classtype:trojan-activity;sid:81154245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291144/; classtype:trojan-activity;sid:81154244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291143/; classtype:trojan-activity;sid:81154243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291142/; classtype:trojan-activity;sid:81154242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291141/; classtype:trojan-activity;sid:81154241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"eventosenlineamx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291140/; classtype:trojan-activity;sid:81154240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/2638/083-5564961961-807159-15b61-v0jzsn1wbf6/"; http_uri; depth:57; isdataat:!1,relative; content:"edu.utec.edu.uy"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291139/; classtype:trojan-activity;sid:81154239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.153.190.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291138/; classtype:trojan-activity;sid:81154238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.192.154.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291137/; classtype:trojan-activity;sid:81154237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.87.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291136/; classtype:trojan-activity;sid:81154236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.144.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291135/; classtype:trojan-activity;sid:81154235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291134/; classtype:trojan-activity;sid:81154234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.50.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291133/; classtype:trojan-activity;sid:81154233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.4.167.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291132/; classtype:trojan-activity;sid:81154232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291131/; classtype:trojan-activity;sid:81154231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291130/; classtype:trojan-activity;sid:81154230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291129/; classtype:trojan-activity;sid:81154229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.46.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291128/; classtype:trojan-activity;sid:81154228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.47.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291127/; classtype:trojan-activity;sid:81154227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.55.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291126/; classtype:trojan-activity;sid:81154226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.62.27.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291125/; classtype:trojan-activity;sid:81154225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.227.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291124/; classtype:trojan-activity;sid:81154224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.71.136.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291123/; classtype:trojan-activity;sid:81154223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291122/; classtype:trojan-activity;sid:81154222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.120.33.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291121/; classtype:trojan-activity;sid:81154221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291120/; classtype:trojan-activity;sid:81154220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/invoice/"; http_uri; depth:28; isdataat:!1,relative; content:"mdj2.maleo.social"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291119/; classtype:trojan-activity;sid:81154219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vecbmsgh/"; http_uri; depth:21; isdataat:!1,relative; content:"hrm.desevens.com.ng"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291118/; classtype:trojan-activity;sid:81154218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/member/invoice/ewde1h3meg/5p689-280-2570-fgxao9dx5ld-qajfmxuxi/"; http_uri; depth:64; isdataat:!1,relative; content:"official.co.id"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291117/; classtype:trojan-activity;sid:81154217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/w726h1/taq4pg-6669670705-03930672-fpmtskjpv-600l14wrp/"; http_uri; depth:64; isdataat:!1,relative; content:"fashionfootprint.nmco.co.za"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291116/; classtype:trojan-activity;sid:81154216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/asset/h23-m5jy6-50392/"; http_uri; depth:23; isdataat:!1,relative; content:"hub.desevens.com.ng"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291115/; classtype:trojan-activity;sid:81154215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inc/"; http_uri; depth:14; isdataat:!1,relative; content:"fashionfootprint.leseditextiles.co.za"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291114/; classtype:trojan-activity;sid:81154214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/5zytfxz-27277876-3550078-d64d9lx622c-tkdshweozs/"; http_uri; depth:68; isdataat:!1,relative; content:"desevens.desevens.com.ng"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291113/; classtype:trojan-activity;sid:81154213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gpnek7-41f1q-0166/"; http_uri; depth:30; isdataat:!1,relative; content:"rebackup.desevens.com.ng"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291112/; classtype:trojan-activity;sid:81154212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/"; http_uri; depth:26; isdataat:!1,relative; content:"academy.desevens.com.ng"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291111/; classtype:trojan-activity;sid:81154211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/myn86egf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291110/; classtype:trojan-activity;sid:81154210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/z9c0sazdn1tk/nvp-95593084-94959-3aron8-5b7p/"; http_uri; depth:64; isdataat:!1,relative; content:"wmf.desevens.com.ng"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291109/; classtype:trojan-activity;sid:81154209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qtwucimhq/"; http_uri; depth:11; isdataat:!1,relative; content:"www.sunpi.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291108/; classtype:trojan-activity;sid:81154208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/sites/ay3mpn6g/w16px66-310-79330126-0fs1l7i2i5-dq0w7g8/"; http_uri; depth:64; isdataat:!1,relative; content:"crm.desevens.com.ng"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291107/; classtype:trojan-activity;sid:81154207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/reporting/"; http_uri; depth:20; isdataat:!1,relative; content:"uniquetents.co.ke"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291106/; classtype:trojan-activity;sid:81154206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/k80giu-fn-9235/"; http_uri; depth:27; isdataat:!1,relative; content:"portal.iapajus.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291105/; classtype:trojan-activity;sid:81154205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/file/j64b-3857-14653840-1qf17-1kvh/"; http_uri; depth:44; isdataat:!1,relative; content:"crm.desevens.com.ng"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291104/; classtype:trojan-activity;sid:81154204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/reporting/51vsjb/"; http_uri; depth:29; isdataat:!1,relative; content:"shopthelook.desevens.com.ng"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291103/; classtype:trojan-activity;sid:81154203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentysixteen/jet/"; http_uri; depth:37; isdataat:!1,relative; content:"lp.iapajus.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291102/; classtype:trojan-activity;sid:81154202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/documentation/"; http_uri; depth:18; isdataat:!1,relative; content:"padlilli.desevens.com.ng"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291101/; classtype:trojan-activity;sid:81154201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/payment/3gktoj3r/bild-72121-071870-9ebzsg4dasb-q8ak1kms1r/"; http_uri; depth:73; isdataat:!1,relative; content:"www.scriptmarket.cn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291100/; classtype:trojan-activity;sid:81154200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.91.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291099/; classtype:trojan-activity;sid:81154199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.4.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291098/; classtype:trojan-activity;sid:81154198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291097/; classtype:trojan-activity;sid:81154197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291096/; classtype:trojan-activity;sid:81154196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291095/; classtype:trojan-activity;sid:81154195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291094/; classtype:trojan-activity;sid:81154194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.74.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291093/; classtype:trojan-activity;sid:81154193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291092/; classtype:trojan-activity;sid:81154192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291091/; classtype:trojan-activity;sid:81154191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.30.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291090/; classtype:trojan-activity;sid:81154190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291089/; classtype:trojan-activity;sid:81154189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291088/; classtype:trojan-activity;sid:81154188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.165.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291087/; classtype:trojan-activity;sid:81154187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291086/; classtype:trojan-activity;sid:81154186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291085/; classtype:trojan-activity;sid:81154185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.247.161.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291084/; classtype:trojan-activity;sid:81154184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/file/su0m41tc/"; http_uri; depth:34; isdataat:!1,relative; content:"gardencity.mividahomes.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291083/; classtype:trojan-activity;sid:81154183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hestia/1le8-7qc-4567/"; http_uri; depth:22; isdataat:!1,relative; content:"cvcandydream.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291082/; classtype:trojan-activity;sid:81154182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/g5y7nvw4a/6hts41l-8952-7743-cuq66bht7mg-6f6j9whg2/"; http_uri; depth:74; isdataat:!1,relative; content:"maniamodas.000webhostapp.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291081/; classtype:trojan-activity;sid:81154181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/byuxhmji/"; http_uri; depth:19; isdataat:!1,relative; content:"torneopollos.000webhostapp.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291080/; classtype:trojan-activity;sid:81154180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bfxzybqur/"; http_uri; depth:20; isdataat:!1,relative; content:"vlee.kr"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291079/; classtype:trojan-activity;sid:81154179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/core/mzvfrwm/"; http_uri; depth:14; isdataat:!1,relative; content:"booking.arai.agency"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291078/; classtype:trojan-activity;sid:81154178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scss/eghgoiqi/"; http_uri; depth:15; isdataat:!1,relative; content:"amaarhomes.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291077/; classtype:trojan-activity;sid:81154177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ihpywxjaz/"; http_uri; depth:20; isdataat:!1,relative; content:"flixz.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291076/; classtype:trojan-activity;sid:81154176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/yysn5-130737-9201067-melm80sxj-72bezyorg7/"; http_uri; depth:58; isdataat:!1,relative; content:"membros.rendaprevi.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291075/; classtype:trojan-activity;sid:81154175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/productreviews/cmpl66707/"; http_uri; depth:26; isdataat:!1,relative; content:"laparoscopysales.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291074/; classtype:trojan-activity;sid:81154174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eizmp/qebx5357532/"; http_uri; depth:19; isdataat:!1,relative; content:"dienmaybepviet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291073/; classtype:trojan-activity;sid:81154173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ssl/skeouyhko/"; http_uri; depth:15; isdataat:!1,relative; content:"www.kozmikweb.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291072/; classtype:trojan-activity;sid:81154172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/o30gpfk/"; http_uri; depth:20; isdataat:!1,relative; content:"exclusivehhitz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291071/; classtype:trojan-activity;sid:81154171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/silzl49933/"; http_uri; depth:23; isdataat:!1,relative; content:"myphamsylic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291070/; classtype:trojan-activity;sid:81154170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/2bptfe/"; http_uri; depth:25; isdataat:!1,relative; content:"toko.jetweb.id"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291069/; classtype:trojan-activity;sid:81154169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitemap/pyihzp/"; http_uri; depth:16; isdataat:!1,relative; content:"jetweb.id"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291068/; classtype:trojan-activity;sid:81154168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/"; http_uri; depth:21; isdataat:!1,relative; content:"www.qal.unitir.edu.al"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291067/; classtype:trojan-activity;sid:81154167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/z5qf7tpf21z6/cfg-018052720-753640139-m7cvhd-qdpwelj/"; http_uri; depth:64; isdataat:!1,relative; content:"kobbienews.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291066/; classtype:trojan-activity;sid:81154166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/dh1/"; http_uri; depth:24; isdataat:!1,relative; content:"marshalgroup.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291065/; classtype:trojan-activity;sid:81154165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pwhm6p/"; http_uri; depth:19; isdataat:!1,relative; content:"shopdinhviviettel.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291064/; classtype:trojan-activity;sid:81154164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y48h/"; http_uri; depth:6; isdataat:!1,relative; content:"jaberevents.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291063/; classtype:trojan-activity;sid:81154163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/81ynglg/"; http_uri; depth:18; isdataat:!1,relative; content:"sitesetup.cindydonovan.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291062/; classtype:trojan-activity;sid:81154162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/69n2/"; http_uri; depth:18; isdataat:!1,relative; content:"kiziltepeakyuzrehabilitasyon.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291061/; classtype:trojan-activity;sid:81154161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/browse/xpcrez/"; http_uri; depth:24; isdataat:!1,relative; content:"mysmarthouseap.000webhostapp.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291060/; classtype:trojan-activity;sid:81154160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/36gdjij/kjikmf1fyf/"; http_uri; depth:29; isdataat:!1,relative; content:"foodbug.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291059/; classtype:trojan-activity;sid:81154159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/n7qzgajz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291058/; classtype:trojan-activity;sid:81154158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/docs/"; http_uri; depth:10; isdataat:!1,relative; content:"deltapublicity.co.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291057/; classtype:trojan-activity;sid:81154157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lionz/lionz.exe"; http_uri; depth:16; isdataat:!1,relative; content:"masabikpanel.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291056/; classtype:trojan-activity;sid:81154156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/browse/gl1-63588-888093-m36kb7kdnd-ovnfv/"; http_uri; depth:51; isdataat:!1,relative; content:"elntech.co.za"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291055/; classtype:trojan-activity;sid:81154155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/w5cg0s66hrys/"; http_uri; depth:29; isdataat:!1,relative; content:"esports.geekcase.pt"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291054/; classtype:trojan-activity;sid:81154154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/balance/i6pcvkhrp24p/"; http_uri; depth:30; isdataat:!1,relative; content:"quinta.geekcase.pt"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291053/; classtype:trojan-activity;sid:81154153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/ubh/hezrkt.msi"; http_uri; depth:34; isdataat:!1,relative; content:"www.dunyasanitasyon.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291052/; classtype:trojan-activity;sid:81154152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/public/98im-03731357-001535960-79cx-h43e/"; http_uri; depth:51; isdataat:!1,relative; content:"bbs.anyakeji.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291051/; classtype:trojan-activity;sid:81154151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291050/; classtype:trojan-activity;sid:81154150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.112.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291049/; classtype:trojan-activity;sid:81154149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291048/; classtype:trojan-activity;sid:81154148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291047/; classtype:trojan-activity;sid:81154147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.96.87.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291046/; classtype:trojan-activity;sid:81154146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.46.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291045/; classtype:trojan-activity;sid:81154145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291044/; classtype:trojan-activity;sid:81154144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291043/; classtype:trojan-activity;sid:81154143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.171.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291042/; classtype:trojan-activity;sid:81154142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.111.202.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291041/; classtype:trojan-activity;sid:81154141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.184.211.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291040/; classtype:trojan-activity;sid:81154140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.59.134.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291039/; classtype:trojan-activity;sid:81154139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.192.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291038/; classtype:trojan-activity;sid:81154138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/overview/og23yrijud/"; http_uri; depth:30; isdataat:!1,relative; content:"womanairemag.richforeveronline.co.za"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291037/; classtype:trojan-activity;sid:81154137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oct/7sg1lhx1xcu/9tyfk-67734-38-0uffljc5-cojxsc1ebi2l/"; http_uri; depth:63; isdataat:!1,relative; content:"politeexecutiveshuttle.leseditextiles.co.za"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291036/; classtype:trojan-activity;sid:81154136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/balance/"; http_uri; depth:18; isdataat:!1,relative; content:"nmco.leseditextiles.co.za"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291035/; classtype:trojan-activity;sid:81154135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/document/"; http_uri; depth:28; isdataat:!1,relative; content:"viverdepericia.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291034/; classtype:trojan-activity;sid:81154134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/s5s3hi47mo2u/81v-0712401-915-ti52-wzqb/"; http_uri; depth:57; isdataat:!1,relative; content:"eliasevangelista.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291033/; classtype:trojan-activity;sid:81154133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/f7oggccgv/"; http_uri; depth:29; isdataat:!1,relative; content:"unoparjab.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291032/; classtype:trojan-activity;sid:81154132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/vesv9oyf/"; http_uri; depth:27; isdataat:!1,relative; content:"samawisata.didev.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291031/; classtype:trojan-activity;sid:81154131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ihfo/"; http_uri; depth:15; isdataat:!1,relative; content:"txshool.50cms.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291030/; classtype:trojan-activity;sid:81154130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/"; http_uri; depth:14; isdataat:!1,relative; content:"demo.growmatrics.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291029/; classtype:trojan-activity;sid:81154129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/addons/doc/k9y6-4772384653-3152-rz1tqwi21-9cz3w96/"; http_uri; depth:51; isdataat:!1,relative; content:"pdm.50cms.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291028/; classtype:trojan-activity;sid:81154128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/7kjm9-f7-39105/"; http_uri; depth:25; isdataat:!1,relative; content:"pf.kay-tech.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291027/; classtype:trojan-activity;sid:81154127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/static/parts_service/07kjjj1auy/jtp-017568-7406-2ddjiy2-esgbdcte6/"; http_uri; depth:67; isdataat:!1,relative; content:"txshop.50cms.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291026/; classtype:trojan-activity;sid:81154126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/qdcl-7cdl9-857/"; http_uri; depth:28; isdataat:!1,relative; content:"nutriprovitality.es"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291025/; classtype:trojan-activity;sid:81154125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/mtegarze7ajz/"; http_uri; depth:26; isdataat:!1,relative; content:"carc-astrology.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291024/; classtype:trojan-activity;sid:81154124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/parts_service/2kao4j/m2auv-979524578-30-hmwjkz49-fclzi5e6fsu/"; http_uri; depth:74; isdataat:!1,relative; content:"169batrieu.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291023/; classtype:trojan-activity;sid:81154123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.182.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291022/; classtype:trojan-activity;sid:81154122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.119.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291021/; classtype:trojan-activity;sid:81154121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.46.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291020/; classtype:trojan-activity;sid:81154120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.40.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291019/; classtype:trojan-activity;sid:81154119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.120.82.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291018/; classtype:trojan-activity;sid:81154118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.85.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291017/; classtype:trojan-activity;sid:81154117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291016/; classtype:trojan-activity;sid:81154116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.117.206.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291015/; classtype:trojan-activity;sid:81154115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.243.14.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291014/; classtype:trojan-activity;sid:81154114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291013/; classtype:trojan-activity;sid:81154113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291012/; classtype:trojan-activity;sid:81154112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.120.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291011/; classtype:trojan-activity;sid:81154111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291010/; classtype:trojan-activity;sid:81154110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/report/hsolcjb/"; http_uri; depth:25; isdataat:!1,relative; content:"cms.pokeralliance.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291009/; classtype:trojan-activity;sid:81154109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/otczg/"; http_uri; depth:16; isdataat:!1,relative; content:"gotechandafricanfountanain.nmco.co.za"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291008/; classtype:trojan-activity;sid:81154108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/overview/n-6345797735-335-ed1a8-lk07jsbwq/"; http_uri; depth:52; isdataat:!1,relative; content:"serwer.testowy.dkonto.pl"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291007/; classtype:trojan-activity;sid:81154107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/0v4ajx/"; http_uri; depth:19; isdataat:!1,relative; content:"texclubbd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291006/; classtype:trojan-activity;sid:81154106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/y64unq4t0/"; http_uri; depth:22; isdataat:!1,relative; content:"phoenixstoneandlaminate.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291005/; classtype:trojan-activity;sid:81154105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/uaqtemy/"; http_uri; depth:20; isdataat:!1,relative; content:"www.vibamasterbatch.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291004/; classtype:trojan-activity;sid:81154104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/tku7ax/"; http_uri; depth:23; isdataat:!1,relative; content:"www.netkafem.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291003/; classtype:trojan-activity;sid:81154103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/kxwh/"; http_uri; depth:13; isdataat:!1,relative; content:"neilwilliamson.ca"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291002/; classtype:trojan-activity;sid:81154102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nhwvx/"; http_uri; depth:19; isdataat:!1,relative; content:"blog.client.mx"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291001/; classtype:trojan-activity;sid:81154101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/swift/b7oc69672/"; http_uri; depth:26; isdataat:!1,relative; content:"kbelectricals.co.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/291000/; classtype:trojan-activity;sid:81154100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=1ytqkuio8zm8l1pu5lsereeusjnfcxhtf|7c|26|7c|export=download"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290999/; classtype:trojan-activity;sid:81154099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/rg7ek5p82sjd7dmb8gtpm6ck1pc0nh0g/1579269600000/11741132990843215769/*/1mln4bpyrbmetc_qzxhnp0dnjgfddcujke=download"; http_uri; depth:161; isdataat:!1,relative; content:"doc-10-c4-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290998/; classtype:trojan-activity;sid:81154098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/balance/4jh-114249-3812-3getwfervju-3fw88reu/"; http_uri; depth:52; isdataat:!1,relative; content:"bellconsulting.co.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290997/; classtype:trojan-activity;sid:81154097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gurqitb/"; http_uri; depth:21; isdataat:!1,relative; content:"mesi.edu.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290996/; classtype:trojan-activity;sid:81154096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/z005dg0fh/"; http_uri; depth:25; isdataat:!1,relative; content:"ratpoison.client.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290995/; classtype:trojan-activity;sid:81154095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/v5bsn0/0es-0085350024-4686-fiaywjpi8x-657m8c/"; http_uri; depth:62; isdataat:!1,relative; content:"safehealth.kay-tech.info"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290994/; classtype:trojan-activity;sid:81154094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yikscdwo/"; http_uri; depth:21; isdataat:!1,relative; content:"tier-2.desevens.com.ng"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290993/; classtype:trojan-activity;sid:81154093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/balance/jl33v9dhy/"; http_uri; depth:26; isdataat:!1,relative; content:"ruangku.id"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290992/; classtype:trojan-activity;sid:81154092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/balance/vh8-20243-290351909-unq1qu11n-9xg9czfo1c/"; http_uri; depth:55; isdataat:!1,relative; content:"istoselides.zerman.store"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290991/; classtype:trojan-activity;sid:81154091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/"; http_uri; depth:15; isdataat:!1,relative; content:"charity.vexacom.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290990/; classtype:trojan-activity;sid:81154090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/kvsg/"; http_uri; depth:17; isdataat:!1,relative; content:"shopviettel.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290989/; classtype:trojan-activity;sid:81154089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bootstrap/document/ektth91-42584-487-zbmucsdbv9f-vqci5qrocfn8/"; http_uri; depth:63; isdataat:!1,relative; content:"work.vexacom.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290988/; classtype:trojan-activity;sid:81154088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/sgk99-ggt-784/"; http_uri; depth:19; isdataat:!1,relative; content:"beadsbymk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290987/; classtype:trojan-activity;sid:81154087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fast/444444.png"; http_uri; depth:16; isdataat:!1,relative; content:"deccolab.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290986/; classtype:trojan-activity;sid:81154086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fast/invoice049740.zip"; http_uri; depth:23; isdataat:!1,relative; content:"madisonclubbar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290985/; classtype:trojan-activity;sid:81154085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/iepev/"; http_uri; depth:16; isdataat:!1,relative; content:"merxconstruction.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290984/; classtype:trojan-activity;sid:81154084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290983/; classtype:trojan-activity;sid:81154083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290982/; classtype:trojan-activity;sid:81154082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.42.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290981/; classtype:trojan-activity;sid:81154081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.106.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290980/; classtype:trojan-activity;sid:81154080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290979/; classtype:trojan-activity;sid:81154079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.173.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290978/; classtype:trojan-activity;sid:81154078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290977/; classtype:trojan-activity;sid:81154077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.214.145.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290976/; classtype:trojan-activity;sid:81154076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290975/; classtype:trojan-activity;sid:81154075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.61.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290974/; classtype:trojan-activity;sid:81154074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290973/; classtype:trojan-activity;sid:81154073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290972/; classtype:trojan-activity;sid:81154072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290971/; classtype:trojan-activity;sid:81154071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290970/; classtype:trojan-activity;sid:81154070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c_img/j1znu5qr/"; http_uri; depth:16; isdataat:!1,relative; content:"kaakaadoo.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290969/; classtype:trojan-activity;sid:81154069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/buy_item/omm7262/"; http_uri; depth:18; isdataat:!1,relative; content:"www.vannli.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290968/; classtype:trojan-activity;sid:81154068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w2.plastic-wiremesh.com/abm02/"; http_uri; depth:31; isdataat:!1,relative; content:"www.plastic-wiremesh.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290967/; classtype:trojan-activity;sid:81154067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e46a70d24f4162901a5dfbc139b40d49/gxgck/"; http_uri; depth:40; isdataat:!1,relative; content:"overwatchboostpro.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290966/; classtype:trojan-activity;sid:81154066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/atx0c415516/"; http_uri; depth:21; isdataat:!1,relative; content:"ushuscleaningservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290965/; classtype:trojan-activity;sid:81154065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/vvjen/"; http_uri; depth:21; isdataat:!1,relative; content:"vikisa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290964/; classtype:trojan-activity;sid:81154064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tploaa/qgolpgmbo/"; http_uri; depth:18; isdataat:!1,relative; content:"persongalize.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290963/; classtype:trojan-activity;sid:81154063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/sites/"; http_uri; depth:14; isdataat:!1,relative; content:"ipn.wfcguard.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290962/; classtype:trojan-activity;sid:81154062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/atk-y9dbc-9102694/"; http_uri; depth:27; isdataat:!1,relative; content:"berkahinternasional.co.id"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290961/; classtype:trojan-activity;sid:81154061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pdfc/etrac/09pk-8138237134-74381-qe5y0pj8u29-hz8j69ohu/"; http_uri; depth:56; isdataat:!1,relative; content:"nhacchoquangcao24h.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290960/; classtype:trojan-activity;sid:81154060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6mhgce-5r2f-79/"; http_uri; depth:27; isdataat:!1,relative; content:"www.abernecessities.co.uk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290959/; classtype:trojan-activity;sid:81154059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/swift/1pyvwqvy/lbg-6916645-09916361-s2q5w8ul2z-xkg4lbc2/"; http_uri; depth:66; isdataat:!1,relative; content:"www.fengbaoling.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290958/; classtype:trojan-activity;sid:81154058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/36hqkwax"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290957/; classtype:trojan-activity;sid:81154057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alertifyjs/docs/"; http_uri; depth:17; isdataat:!1,relative; content:"stock.xuandantrading.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290956/; classtype:trojan-activity;sid:81154056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/zcmbp-f70y-928026/"; http_uri; depth:30; isdataat:!1,relative; content:"www.abernecessities.co.uk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290955/; classtype:trojan-activity;sid:81154055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/esp/jp8wofuhp1en/"; http_uri; depth:30; isdataat:!1,relative; content:"shopnuochoa.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290954/; classtype:trojan-activity;sid:81154054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/"; http_uri; depth:5; isdataat:!1,relative; content:"tishreycarmelim.co.il"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290953/; classtype:trojan-activity;sid:81154053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rrktd1y-1v-75/"; http_uri; depth:24; isdataat:!1,relative; content:"www.ltyuye.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290952/; classtype:trojan-activity;sid:81154052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/zq9m0su/"; http_uri; depth:29; isdataat:!1,relative; content:"wfc.internetmarketingtypes.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290951/; classtype:trojan-activity;sid:81154051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/documentation/e8flesu2z9r/x1o85-5368083907-291-90yl-ibwwmvg88/"; http_uri; depth:75; isdataat:!1,relative; content:"zno-garant.com.ua"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290950/; classtype:trojan-activity;sid:81154050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/phsk/"; http_uri; depth:25; isdataat:!1,relative; content:"www.opticlinioptica.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290949/; classtype:trojan-activity;sid:81154049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/08210016417794793/uwt7zrh-781501-39629-gojzo3coa-ltduebrt/"; http_uri; depth:68; isdataat:!1,relative; content:"amusolutionsga.000webhostapp.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290948/; classtype:trojan-activity;sid:81154048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jasxmbk/"; http_uri; depth:18; isdataat:!1,relative; content:"vl.instagenius.io"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290947/; classtype:trojan-activity;sid:81154047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/314495182/pdob2o2/umnlhh-803587410-98110552-nvft2qaoi5-fkbs/"; http_uri; depth:69; isdataat:!1,relative; content:"auburnpeople.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290946/; classtype:trojan-activity;sid:81154046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.70.130.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290945/; classtype:trojan-activity;sid:81154045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290944/; classtype:trojan-activity;sid:81154044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290943/; classtype:trojan-activity;sid:81154043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.121.225.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290942/; classtype:trojan-activity;sid:81154042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.125.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290941/; classtype:trojan-activity;sid:81154041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.108.247.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290940/; classtype:trojan-activity;sid:81154040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.38.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290939/; classtype:trojan-activity;sid:81154039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.45.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290938/; classtype:trojan-activity;sid:81154038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290937/; classtype:trojan-activity;sid:81154037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290936/; classtype:trojan-activity;sid:81154036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290935/; classtype:trojan-activity;sid:81154035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.46.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290934/; classtype:trojan-activity;sid:81154034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.28.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290933/; classtype:trojan-activity;sid:81154033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290932/; classtype:trojan-activity;sid:81154032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.4.184.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290931/; classtype:trojan-activity;sid:81154031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.40.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290930/; classtype:trojan-activity;sid:81154030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/balance/nc7h82jsa88h/"; http_uri; depth:41; isdataat:!1,relative; content:"ciptateknika.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290929/; classtype:trojan-activity;sid:81154029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yh/6.exe"; http_uri; depth:9; isdataat:!1,relative; content:"yaner-hack.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290928/; classtype:trojan-activity;sid:81154028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ndecxcyq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290927/; classtype:trojan-activity;sid:81154027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42mldks/ndqetw/"; http_uri; depth:16; isdataat:!1,relative; content:"ycoffee.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290926/; classtype:trojan-activity;sid:81154026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/documentation/z60ysncyxu/"; http_uri; depth:35; isdataat:!1,relative; content:"disdik.sumbarprov.go.id"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290925/; classtype:trojan-activity;sid:81154025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/public/yvp1p8ib8/"; http_uri; depth:27; isdataat:!1,relative; content:"bejeweled-dock.000webhostapp.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290924/; classtype:trojan-activity;sid:81154024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sborky/7.exe"; http_uri; depth:13; isdataat:!1,relative; content:"yaner-hack.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290923/; classtype:trojan-activity;sid:81154023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/medved/1.exe"; http_uri; depth:13; isdataat:!1,relative; content:"yaner-hack.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290922/; classtype:trojan-activity;sid:81154022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42mldks/ag4qry6l-5o-4542/ag4qry6l-5o-4542/"; http_uri; depth:43; isdataat:!1,relative; content:"ycoffee.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290921/; classtype:trojan-activity;sid:81154021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/1qyj-3888305-532430897-2i0qalu5ar-o0nfplegq6ph/"; http_uri; depth:68; isdataat:!1,relative; content:"enotecalaculturadelvino.it"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290920/; classtype:trojan-activity;sid:81154020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/invoice/e96b57/"; http_uri; depth:25; isdataat:!1,relative; content:"erdoor.com.tr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290919/; classtype:trojan-activity;sid:81154019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qoyadklv/"; http_uri; depth:19; isdataat:!1,relative; content:"ghltkd.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290918/; classtype:trojan-activity;sid:81154018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/5522480888710/mhnem4m/yy2n3h-808887533-77604792-9mdrg8oyf-gqp0un9/"; http_uri; depth:76; isdataat:!1,relative; content:"dolmosalum01.000webhostapp.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290917/; classtype:trojan-activity;sid:81154017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/balance/"; http_uri; depth:18; isdataat:!1,relative; content:"dolmosalum01.000webhostapp.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290916/; classtype:trojan-activity;sid:81154016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/zis/"; http_uri; depth:17; isdataat:!1,relative; content:"dorhugps.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290915/; classtype:trojan-activity;sid:81154015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/attachments/tbxj4qg3/gmg-7512-467-mf5620-gp6mjli9h1/"; http_uri; depth:65; isdataat:!1,relative; content:"icosmo.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290914/; classtype:trojan-activity;sid:81154014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/balance/e2fkh5h3ds/"; http_uri; depth:24; isdataat:!1,relative; content:"followgreece.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290913/; classtype:trojan-activity;sid:81154013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/udmzrkv/"; http_uri; depth:20; isdataat:!1,relative; content:"secure-iptv.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290912/; classtype:trojan-activity;sid:81154012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/etrac/"; http_uri; depth:7; isdataat:!1,relative; content:"lenzevietnam.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290911/; classtype:trojan-activity;sid:81154011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/browse/"; http_uri; depth:20; isdataat:!1,relative; content:"handpickcart.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290910/; classtype:trojan-activity;sid:81154010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/over/ciovil/"; http_uri; depth:13; isdataat:!1,relative; content:"ivanaleme.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290909/; classtype:trojan-activity;sid:81154009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/omgazf/nioo8t-646010389-54200-rh3u-frrn9fsy/"; http_uri; depth:59; isdataat:!1,relative; content:"muadatnhontrach.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290908/; classtype:trojan-activity;sid:81154008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/docs/qf7k-990714243-434978019-blmu8vcsm0-vdw0p29i69r8/"; http_uri; depth:63; isdataat:!1,relative; content:"ibookrides.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290907/; classtype:trojan-activity;sid:81154007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.0.125.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290906/; classtype:trojan-activity;sid:81154006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.52.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290905/; classtype:trojan-activity;sid:81154005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.82.206.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290904/; classtype:trojan-activity;sid:81154004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.222.195.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290903/; classtype:trojan-activity;sid:81154003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290902/; classtype:trojan-activity;sid:81154002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290901/; classtype:trojan-activity;sid:81154001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290900/; classtype:trojan-activity;sid:81154000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.229.255.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290899/; classtype:trojan-activity;sid:81153999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290898/; classtype:trojan-activity;sid:81153998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.112.177.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290897/; classtype:trojan-activity;sid:81153997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.189.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290896/; classtype:trojan-activity;sid:81153996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/8b-hgsc-4452/"; http_uri; depth:23; isdataat:!1,relative; content:"lqmstore.000webhostapp.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290895/; classtype:trojan-activity;sid:81153995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/report/dygt-4015332870-457-mrr061tk-jvt3ut5ylkk/"; http_uri; depth:58; isdataat:!1,relative; content:"penyejukhati.000webhostapp.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290894/; classtype:trojan-activity;sid:81153994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/attachments/u63qt1-04223-6500234-x8mf1fxg-a1odoffdd/"; http_uri; depth:57; isdataat:!1,relative; content:"nodirabegim.uz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290893/; classtype:trojan-activity;sid:81153993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uv-om-682802/"; http_uri; depth:23; isdataat:!1,relative; content:"www.seyssinet-handball.club"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290892/; classtype:trojan-activity;sid:81153992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ejzxa3l0op/"; http_uri; depth:21; isdataat:!1,relative; content:"phuongart.000webhostapp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290891/; classtype:trojan-activity;sid:81153991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qdedi66f4-ts7-841192/"; http_uri; depth:31; isdataat:!1,relative; content:"aminanchondo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290890/; classtype:trojan-activity;sid:81153990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/office365/jypsim/"; http_uri; depth:18; isdataat:!1,relative; content:"myevol.biz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290889/; classtype:trojan-activity;sid:81153989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/icwesb/"; http_uri; depth:20; isdataat:!1,relative; content:"erfanpich.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290888/; classtype:trojan-activity;sid:81153988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wfwwwtbw/"; http_uri; depth:21; isdataat:!1,relative; content:"www.jalanuang.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290887/; classtype:trojan-activity;sid:81153987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/jnjikg/"; http_uri; depth:16; isdataat:!1,relative; content:"friendzonecafe.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290886/; classtype:trojan-activity;sid:81153986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ysmcnnvsu/"; http_uri; depth:14; isdataat:!1,relative; content:"blog.hostdokan.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290885/; classtype:trojan-activity;sid:81153985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vlkap/parts_service/2lhmwgm/"; http_uri; depth:29; isdataat:!1,relative; content:"smart-it.epixel.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290884/; classtype:trojan-activity;sid:81153984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/etrac/pe4n-901512265-019235-kqogis3blnw-3hjns4awgw/"; http_uri; depth:63; isdataat:!1,relative; content:"blog.camposuribe.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290883/; classtype:trojan-activity;sid:81153983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/j0b9jqv-jk-094/"; http_uri; depth:23; isdataat:!1,relative; content:"gill-holiday-2013.gillfoundation.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290882/; classtype:trojan-activity;sid:81153982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/balance/vb11hxkgbx8m/"; http_uri; depth:26; isdataat:!1,relative; content:"gill-holiday-2014.gillfoundation.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290881/; classtype:trojan-activity;sid:81153981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kzj88hvx/tcf8e8r/"; http_uri; depth:27; isdataat:!1,relative; content:"bukucaknun.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290880/; classtype:trojan-activity;sid:81153980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/28q-fx0-163638/"; http_uri; depth:25; isdataat:!1,relative; content:"ownatlast.co.uk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290879/; classtype:trojan-activity;sid:81153979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/cdrr0h1xaz/"; http_uri; depth:22; isdataat:!1,relative; content:"tabrizdigi.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290878/; classtype:trojan-activity;sid:81153978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inc/bwpfmyc-757833-7173-az4pe6g4-rn2c/"; http_uri; depth:51; isdataat:!1,relative; content:"support.m2mservices.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290877/; classtype:trojan-activity;sid:81153977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/"; http_uri; depth:16; isdataat:!1,relative; content:"thietbisontinhdien.vn"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290876/; classtype:trojan-activity;sid:81153976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/libs/yds/"; http_uri; depth:10; isdataat:!1,relative; content:"tien5s.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290875/; classtype:trojan-activity;sid:81153975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290874/; classtype:trojan-activity;sid:81153974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.110.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290873/; classtype:trojan-activity;sid:81153973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.130.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290872/; classtype:trojan-activity;sid:81153972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.229.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290871/; classtype:trojan-activity;sid:81153971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.95.39.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290870/; classtype:trojan-activity;sid:81153970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.96.207.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290869/; classtype:trojan-activity;sid:81153969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.47.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290868/; classtype:trojan-activity;sid:81153968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.192.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290867/; classtype:trojan-activity;sid:81153967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.230.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290866/; classtype:trojan-activity;sid:81153966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290865/; classtype:trojan-activity;sid:81153965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.96.91.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290864/; classtype:trojan-activity;sid:81153964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290863/; classtype:trojan-activity;sid:81153963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.4.153.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290862/; classtype:trojan-activity;sid:81153962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.188.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290861/; classtype:trojan-activity;sid:81153961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290860/; classtype:trojan-activity;sid:81153960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/attachments/jxo2ibqe/dz-598-0278582-pr63-xcjyswgn08y/"; http_uri; depth:66; isdataat:!1,relative; content:"www.motoclubspidy.it"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290859/; classtype:trojan-activity;sid:81153959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6mdubwnf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290858/; classtype:trojan-activity;sid:81153958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/browse/fsf0-99690241-87838-7lzi8bb3j-7ujguzkh/"; http_uri; depth:56; isdataat:!1,relative; content:"web89.s203.goserver.host"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290857/; classtype:trojan-activity;sid:81153957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/e1o6pxx-9z9-02910/"; http_uri; depth:30; isdataat:!1,relative; content:"www.xarebi.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290856/; classtype:trojan-activity;sid:81153956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/"; http_uri; depth:21; isdataat:!1,relative; content:"www.brechovip.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290855/; classtype:trojan-activity;sid:81153955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/swift/umwl1wt1/na-46199402-453-aog00ji07ea-r7yqlz2/"; http_uri; depth:61; isdataat:!1,relative; content:"shamstech.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290854/; classtype:trojan-activity;sid:81153954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/db-dh-486304/"; http_uri; depth:26; isdataat:!1,relative; content:"banne.com.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290853/; classtype:trojan-activity;sid:81153953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/browse/vy-465736-6837-bac2p0xn4k-w0ioho/"; http_uri; depth:49; isdataat:!1,relative; content:"yknobodi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290852/; classtype:trojan-activity;sid:81153952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/mw/"; http_uri; depth:15; isdataat:!1,relative; content:"cateringbyjkv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290851/; classtype:trojan-activity;sid:81153951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/05293/o6qzal7y/p005s9n-17035887-64821-26e5k-798q6/"; http_uri; depth:60; isdataat:!1,relative; content:"akacoustic.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290850/; classtype:trojan-activity;sid:81153950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hasghasfi/ofagvjasdaf.php"; http_uri; depth:26; isdataat:!1,relative; content:"3.84.12.179"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290849/; classtype:trojan-activity;sid:81153949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p-14-7.dll"; http_uri; depth:11; isdataat:!1,relative; content:"sutyuighibfgjsbdiusuidgiusdc14c.s3.us-east-2.amazonaws.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290848/; classtype:trojan-activity;sid:81153948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/docs/actwhf/q8-934208-0797-ck6kt52h1-gj37oqfn/"; http_uri; depth:59; isdataat:!1,relative; content:"upendocharityfoundation.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290847/; classtype:trojan-activity;sid:81153947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/doc/"; http_uri; depth:8; isdataat:!1,relative; content:"benjamin-moore.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290846/; classtype:trojan-activity;sid:81153946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nl/"; http_uri; depth:16; isdataat:!1,relative; content:"gi.azay.co.th"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290845/; classtype:trojan-activity;sid:81153945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/y5um5m/"; http_uri; depth:23; isdataat:!1,relative; content:"bangstationery.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290844/; classtype:trojan-activity;sid:81153944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"att-0748.fileshare-storage.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290843/; classtype:trojan-activity;sid:81153943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/l1lvcvr4yigd/fuu-259-17448294-s0zuvkg6i-se088ksn/"; http_uri; depth:63; isdataat:!1,relative; content:"greccasac.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290842/; classtype:trojan-activity;sid:81153942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/browse/g2advr/brks2a-9755-532295-90zc-g32pi/"; http_uri; depth:54; isdataat:!1,relative; content:"artroute.capetown"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290841/; classtype:trojan-activity;sid:81153941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gi-7lctq-48/"; http_uri; depth:25; isdataat:!1,relative; content:"infonoticiasdigital.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290840/; classtype:trojan-activity;sid:81153940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/2e519bjrvdm/"; http_uri; depth:31; isdataat:!1,relative; content:"halynkmedia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290839/; classtype:trojan-activity;sid:81153939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.248.111.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290838/; classtype:trojan-activity;sid:81153938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290837/; classtype:trojan-activity;sid:81153937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290836/; classtype:trojan-activity;sid:81153936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.27.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290835/; classtype:trojan-activity;sid:81153935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.195.52.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290834/; classtype:trojan-activity;sid:81153934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.60.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290833/; classtype:trojan-activity;sid:81153933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.127.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290832/; classtype:trojan-activity;sid:81153932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.179.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290831/; classtype:trojan-activity;sid:81153931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290830/; classtype:trojan-activity;sid:81153930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290829/; classtype:trojan-activity;sid:81153929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.160.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290828/; classtype:trojan-activity;sid:81153928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.84.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290827/; classtype:trojan-activity;sid:81153927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.110.16.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290826/; classtype:trojan-activity;sid:81153926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290825/; classtype:trojan-activity;sid:81153925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/bn3l-0957-82273-j8xoy5l-ai3zqx6cfw8/"; http_uri; depth:57; isdataat:!1,relative; content:"iptvlidi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290824/; classtype:trojan-activity;sid:81153924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old_baclup/wgzznt/"; http_uri; depth:19; isdataat:!1,relative; content:"luckypanda.ch"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290823/; classtype:trojan-activity;sid:81153923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/a-5466996-3508796-ko5cl-79es8ala/"; http_uri; depth:54; isdataat:!1,relative; content:"johnknoxvillageexplore.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290822/; classtype:trojan-activity;sid:81153922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/esp/082d56r/"; http_uri; depth:22; isdataat:!1,relative; content:"hellocg.news"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290821/; classtype:trojan-activity;sid:81153921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oeiuifnh-lxpap-561/"; http_uri; depth:31; isdataat:!1,relative; content:"mayradeleon.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290820/; classtype:trojan-activity;sid:81153920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/report/8luskzeemkqb/"; http_uri; depth:32; isdataat:!1,relative; content:"jkvresidents.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290819/; classtype:trojan-activity;sid:81153919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wja/"; http_uri; depth:14; isdataat:!1,relative; content:"thuevaycuoi.com.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290818/; classtype:trojan-activity;sid:81153918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/t760en/"; http_uri; depth:15; isdataat:!1,relative; content:"luatdongnamhai.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290817/; classtype:trojan-activity;sid:81153917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/37m9hemsf3/x-8030431888-899098-qrgtw-bj3r617/"; http_uri; depth:62; isdataat:!1,relative; content:"johnknoxhomehealth.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290816/; classtype:trojan-activity;sid:81153916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kfoiuyrtebnvhcgxljkjh.bin"; http_uri; depth:26; isdataat:!1,relative; content:"securecc.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290815/; classtype:trojan-activity;sid:81153915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/view.php"; http_uri; depth:9; isdataat:!1,relative; content:"quickwaysignstx.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290814/; classtype:trojan-activity;sid:81153914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/public/tghnr2a7/ekq-170901841-87404-4wsuh-4i80awqdj63/"; http_uri; depth:64; isdataat:!1,relative; content:"qudratfaisal.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290813/; classtype:trojan-activity;sid:81153913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ipqcmm/"; http_uri; depth:20; isdataat:!1,relative; content:"wdfpcb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290812/; classtype:trojan-activity;sid:81153912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/lcx3-60610297-333739681-r4w35m4dpx5-3ckwj/"; http_uri; depth:58; isdataat:!1,relative; content:"nutsorigin.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290811/; classtype:trojan-activity;sid:81153911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/docs/"; http_uri; depth:17; isdataat:!1,relative; content:"shitouv.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290810/; classtype:trojan-activity;sid:81153910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/9ybzy-ga-90/"; http_uri; depth:25; isdataat:!1,relative; content:"sb1.com.br"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290809/; classtype:trojan-activity;sid:81153909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/invoice/pzjm-930295463-02340115-lsljjm3wn3-utc0pw9/"; http_uri; depth:61; isdataat:!1,relative; content:"thienydao.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290808/; classtype:trojan-activity;sid:81153908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lrczo/"; http_uri; depth:19; isdataat:!1,relative; content:"mmedia.network"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290807/; classtype:trojan-activity;sid:81153907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paginfo83.php"; http_uri; depth:14; isdataat:!1,relative; content:"understudyknowledge.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290806/; classtype:trojan-activity;sid:81153906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4m655lwmocyhiwezv2-8vbwxu8zi2zoaun-ln9owqcw3n3m_v82akq2yjrmhaqk5kd-davsnqpuz1wm_il50b7kwpbn7_2efn9yi_ysxbk2eutiv_la-ymop1pe_g45h8m3x_rrs6cbflh49ncqm3-lm000vkrr4vzozewka9bqhcxx1bzr4xvuwvpgjxae1qx7pmnqeqsupfme-dssrmtew/nuovo%20documento%201.zipdownload|7c|26|7c|psid=1"; http_uri; depth:268; isdataat:!1,relative; content:"v3qhhg.dm.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290805/; classtype:trojan-activity;sid:81153905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/authkey=%21akcxgi7n%5fteysmy|7c|26|7c|cid=15647e28d3722ad0|7c|26|7c|id=15647e28d3722ad0%21110|7c|26|7c|parid=15647e28d3722ad0%21106|7c|26|7c|action=locate"; http_uri; depth:155; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290804/; classtype:trojan-activity;sid:81153904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/enaekhyozi=30924"; http_uri; depth:17; isdataat:!1,relative; content:"institutionalknowledgemanagement.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290803/; classtype:trojan-activity;sid:81153903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eudqcsol=73004"; http_uri; depth:15; isdataat:!1,relative; content:"beadventure.us"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290802/; classtype:trojan-activity;sid:81153902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/balance/h0kyjz1bzsir/4tw-0096388-123791-y2rna-5lpk3z/"; http_uri; depth:63; isdataat:!1,relative; content:"tdutech.com.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290801/; classtype:trojan-activity;sid:81153901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sites/"; http_uri; depth:19; isdataat:!1,relative; content:"twodogstransport.com.au"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290800/; classtype:trojan-activity;sid:81153900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.206.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290799/; classtype:trojan-activity;sid:81153899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290798/; classtype:trojan-activity;sid:81153898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290797/; classtype:trojan-activity;sid:81153897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290796/; classtype:trojan-activity;sid:81153896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.210.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290795/; classtype:trojan-activity;sid:81153895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.204.80.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290794/; classtype:trojan-activity;sid:81153894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.209.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290793/; classtype:trojan-activity;sid:81153893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.124.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290792/; classtype:trojan-activity;sid:81153892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.96.88.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290791/; classtype:trojan-activity;sid:81153891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290790/; classtype:trojan-activity;sid:81153890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/attachments/90lpdnkxqa/1j-02290-021-nxrcbb-jn50ug/"; http_uri; depth:55; isdataat:!1,relative; content:"www.heye.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290789/; classtype:trojan-activity;sid:81153889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lxs/"; http_uri; depth:16; isdataat:!1,relative; content:"www.eed.gr"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290788/; classtype:trojan-activity;sid:81153888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/trsss/8gac11l/"; http_uri; depth:15; isdataat:!1,relative; content:"www.amedspor.com.tr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290787/; classtype:trojan-activity;sid:81153887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/includes/morgan_encrypted_cf19caf.bin"; http_uri; depth:47; isdataat:!1,relative; content:"automotivemakelaar.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290786/; classtype:trojan-activity;sid:81153886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/includes/jeffers_encrypted_3e85c20.bin"; http_uri; depth:48; isdataat:!1,relative; content:"automotivemakelaar.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290785/; classtype:trojan-activity;sid:81153885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/includes/jeffers_encrypted_c990dff.bin"; http_uri; depth:48; isdataat:!1,relative; content:"automotivemakelaar.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290784/; classtype:trojan-activity;sid:81153884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/includes/buch_encrypted_536cec0.bin"; http_uri; depth:45; isdataat:!1,relative; content:"automotivemakelaar.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290783/; classtype:trojan-activity;sid:81153883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/s96/"; http_uri; depth:13; isdataat:!1,relative; content:"tiagocambara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290782/; classtype:trojan-activity;sid:81153882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitio/ntxzomkcx/"; http_uri; depth:17; isdataat:!1,relative; content:"solmec.com.ar"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290781/; classtype:trojan-activity;sid:81153881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/k35d9q/"; http_uri; depth:12; isdataat:!1,relative; content:"urgeventa.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290780/; classtype:trojan-activity;sid:81153880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/posta/dr3zxa/"; http_uri; depth:14; isdataat:!1,relative; content:"pmthome.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290779/; classtype:trojan-activity;sid:81153879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/contact/iy/"; http_uri; depth:12; isdataat:!1,relative; content:"oniongames.jp"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290778/; classtype:trojan-activity;sid:81153878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/hmwaa/"; http_uri; depth:19; isdataat:!1,relative; content:"www.shuanen.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290777/; classtype:trojan-activity;sid:81153877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/swift/61qj02vtvx3/lponoa-254-3915595-el8zqtcxq-qsvh1l/"; http_uri; depth:59; isdataat:!1,relative; content:"toom.com.br"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290776/; classtype:trojan-activity;sid:81153876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ylhp/"; http_uri; depth:15; isdataat:!1,relative; content:"beranda.bentangpustaka.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290775/; classtype:trojan-activity;sid:81153875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/83-9558048902-6952-k9e8z1eey-tvtk/"; http_uri; depth:54; isdataat:!1,relative; content:"www.xarebi.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290774/; classtype:trojan-activity;sid:81153874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/scan/"; http_uri; depth:13; isdataat:!1,relative; content:"www.cmincorps.ml"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290773/; classtype:trojan-activity;sid:81153873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bable/gcmxcrwr/"; http_uri; depth:16; isdataat:!1,relative; content:"webable.digital"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290772/; classtype:trojan-activity;sid:81153872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/report/bebfsha/"; http_uri; depth:27; isdataat:!1,relative; content:"foxford.co.ke"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290771/; classtype:trojan-activity;sid:81153871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cpbc/"; http_uri; depth:15; isdataat:!1,relative; content:"pmart.ga"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290770/; classtype:trojan-activity;sid:81153870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/reporting/64jxbne-430929-5448-bm3diqmf-kimtvg9xjv/"; http_uri; depth:62; isdataat:!1,relative; content:"demo.videooverplay.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290769/; classtype:trojan-activity;sid:81153869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/eqg/"; http_uri; depth:14; isdataat:!1,relative; content:"excellencegroup.ca"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290768/; classtype:trojan-activity;sid:81153868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/"; http_uri; depth:18; isdataat:!1,relative; content:"www.craftqualitysolutions.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290767/; classtype:trojan-activity;sid:81153867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/botpu/"; http_uri; depth:16; isdataat:!1,relative; content:"ummudinda.000webhostapp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290766/; classtype:trojan-activity;sid:81153866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/overview/5nbefc5v/0-435605-4248-8ilud6y0as-jkd2m6l/"; http_uri; depth:61; isdataat:!1,relative; content:"rowdiesfootball.000webhostapp.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290765/; classtype:trojan-activity;sid:81153865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/browse/30wmoh-3417-7998-006pipzu-0dttqcxs44/"; http_uri; depth:56; isdataat:!1,relative; content:"wordpress.areyesjr.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290764/; classtype:trojan-activity;sid:81153864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.195.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290763/; classtype:trojan-activity;sid:81153863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.184.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290762/; classtype:trojan-activity;sid:81153862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.242.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290761/; classtype:trojan-activity;sid:81153861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.9.170.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290760/; classtype:trojan-activity;sid:81153860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290759/; classtype:trojan-activity;sid:81153859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.167.4.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290758/; classtype:trojan-activity;sid:81153858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.156.55.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290757/; classtype:trojan-activity;sid:81153857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.104.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290756/; classtype:trojan-activity;sid:81153856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.239.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290755/; classtype:trojan-activity;sid:81153855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.181.103.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290754/; classtype:trojan-activity;sid:81153854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.210.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290753/; classtype:trojan-activity;sid:81153853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.134.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290752/; classtype:trojan-activity;sid:81153852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.110.19.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290751/; classtype:trojan-activity;sid:81153851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.184.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290750/; classtype:trojan-activity;sid:81153850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.59.134.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290749/; classtype:trojan-activity;sid:81153849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.247.189.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290748/; classtype:trojan-activity;sid:81153848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.247.157.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290747/; classtype:trojan-activity;sid:81153847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.166.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290746/; classtype:trojan-activity;sid:81153846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.96.87.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290745/; classtype:trojan-activity;sid:81153845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290744/; classtype:trojan-activity;sid:81153844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.244.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290743/; classtype:trojan-activity;sid:81153843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/6130535310630920/yv6538f8/5xivuj-7531804678-3154902-fx2ci0-haui/"; http_uri; depth:67; isdataat:!1,relative; content:"www.kadikoyaluminyum.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290742/; classtype:trojan-activity;sid:81153842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/src/pjsb/"; http_uri; depth:10; isdataat:!1,relative; content:"www.looksociety.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290741/; classtype:trojan-activity;sid:81153841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/setupconfigl/report/lzygj8ihx/ppj49qt-312-4936116-a9g8gkwi2-jgs21iz4/"; http_uri; depth:70; isdataat:!1,relative; content:"www.thesprintx.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290740/; classtype:trojan-activity;sid:81153840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/3yv0w56x/u-3126628-86423811-gv0aqofesx-dfninzjql/"; http_uri; depth:61; isdataat:!1,relative; content:"www.orion-travel.biz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290739/; classtype:trojan-activity;sid:81153839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"31.168.218.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290738/; classtype:trojan-activity;sid:81153838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/40900885794/037g58o9s/"; http_uri; depth:33; isdataat:!1,relative; content:"www.pfgrup.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290737/; classtype:trojan-activity;sid:81153837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eski/sviavq-ss-729139/"; http_uri; depth:23; isdataat:!1,relative; content:"www.netasarim.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290736/; classtype:trojan-activity;sid:81153836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/f516f1e6af8a45ad8a2291063396edf2/docs/o5w8frg-344249-246-t1tlcrj-3pqfp/"; http_uri; depth:72; isdataat:!1,relative; content:"www.3idiotscommunication.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290735/; classtype:trojan-activity;sid:81153835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wtuds/overview/w4a2tmm/"; http_uri; depth:24; isdataat:!1,relative; content:"texaschildabusedefense.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290734/; classtype:trojan-activity;sid:81153834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gstore/hhal/"; http_uri; depth:13; isdataat:!1,relative; content:"born4business.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290733/; classtype:trojan-activity;sid:81153833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/vrdpj9n9/"; http_uri; depth:25; isdataat:!1,relative; content:"www.manweilongchu.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290732/; classtype:trojan-activity;sid:81153832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/balance/kmhzcaeo/l3gb7-789742-57333102-ai3m60sl08-sp2zbep0y9tc/"; http_uri; depth:68; isdataat:!1,relative; content:"www.xn--tkrw6sl75a3cq.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290731/; classtype:trojan-activity;sid:81153831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/__css/cwsie/"; http_uri; depth:13; isdataat:!1,relative; content:"padelmalaga.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290730/; classtype:trojan-activity;sid:81153830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/zszhooerc/"; http_uri; depth:23; isdataat:!1,relative; content:"excel-impart.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290729/; classtype:trojan-activity;sid:81153829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww12/ck27ko74j-6tvpklk-0629309487/"; http_uri; depth:35; isdataat:!1,relative; content:"btlocum.pl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290728/; classtype:trojan-activity;sid:81153828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/atk-y9dbc-9102694/"; http_uri; depth:27; isdataat:!1,relative; content:"berkahinternasional.co.id"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290727/; classtype:trojan-activity;sid:81153827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvmlws/"; http_uri; depth:8; isdataat:!1,relative; content:"fhcigars.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290726/; classtype:trojan-activity;sid:81153826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvonnl/"; http_uri; depth:8; isdataat:!1,relative; content:"docesnico.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290725/; classtype:trojan-activity;sid:81153825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wdbpvei/"; http_uri; depth:9; isdataat:!1,relative; content:"captivetouch.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290724/; classtype:trojan-activity;sid:81153824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.83.51.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290723/; classtype:trojan-activity;sid:81153823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"191.243.3.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290722/; classtype:trojan-activity;sid:81153822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.188.243.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290721/; classtype:trojan-activity;sid:81153821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.117.204.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290720/; classtype:trojan-activity;sid:81153820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290719/; classtype:trojan-activity;sid:81153819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290718/; classtype:trojan-activity;sid:81153818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290717/; classtype:trojan-activity;sid:81153817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.175.173.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290716/; classtype:trojan-activity;sid:81153816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.24.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290715/; classtype:trojan-activity;sid:81153815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.247.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290714/; classtype:trojan-activity;sid:81153814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.100.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290713/; classtype:trojan-activity;sid:81153813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290712/; classtype:trojan-activity;sid:81153812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.217.39.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290711/; classtype:trojan-activity;sid:81153811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.202.73.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290710/; classtype:trojan-activity;sid:81153810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.242.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290709/; classtype:trojan-activity;sid:81153809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.209.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290708/; classtype:trojan-activity;sid:81153808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290707/; classtype:trojan-activity;sid:81153807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290706/; classtype:trojan-activity;sid:81153806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/data/jcrj/"; http_uri; depth:11; isdataat:!1,relative; content:"codienphudat.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290705/; classtype:trojan-activity;sid:81153805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uwal/"; http_uri; depth:17; isdataat:!1,relative; content:"demu.hu"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290704/; classtype:trojan-activity;sid:81153804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/0o32239/"; http_uri; depth:16; isdataat:!1,relative; content:"itconsortium.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290703/; classtype:trojan-activity;sid:81153803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/rossn32/"; http_uri; depth:17; isdataat:!1,relative; content:"rcmgdev44.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290702/; classtype:trojan-activity;sid:81153802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vs7x8hyvel/"; http_uri; depth:12; isdataat:!1,relative; content:"josemoo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290701/; classtype:trojan-activity;sid:81153801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/996tt/unid/"; http_uri; depth:12; isdataat:!1,relative; content:"jayracing.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290700/; classtype:trojan-activity;sid:81153800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/var/r0j0jw-2zhga-3073/"; http_uri; depth:23; isdataat:!1,relative; content:"pethubebooking.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290699/; classtype:trojan-activity;sid:81153799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/documentation/"; http_uri; depth:20; isdataat:!1,relative; content:"gleevi.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290698/; classtype:trojan-activity;sid:81153798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/799612/ev/"; http_uri; depth:11; isdataat:!1,relative; content:"audreylamb.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290697/; classtype:trojan-activity;sid:81153797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/j2rideo/smj-039-94742-2zwqqu449-bdozlx15f/"; http_uri; depth:49; isdataat:!1,relative; content:"www.ankitastarvision.co.in"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290696/; classtype:trojan-activity;sid:81153796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/copyright/payment/buqy-719-2866202-mdgi7-1s62vw0/"; http_uri; depth:50; isdataat:!1,relative; content:"ennessehospitality.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290695/; classtype:trojan-activity;sid:81153795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tptgb4iq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290694/; classtype:trojan-activity;sid:81153794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jnsvmmxn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290693/; classtype:trojan-activity;sid:81153793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/banner/iuypuc/"; http_uri; depth:15; isdataat:!1,relative; content:"credigas.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290692/; classtype:trojan-activity;sid:81153792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/plqn-496-95-phhd-q4vf3uibq591/"; http_uri; depth:48; isdataat:!1,relative; content:"allainesconsultancyinc.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290691/; classtype:trojan-activity;sid:81153791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dacecb0fcd2bc6cbe09ed1527e527b37/fxly0hp891/c8v76pgu7qd/qj0w-6128612-945221359-logyp2ynba-bwwwkwum/"; http_uri; depth:100; isdataat:!1,relative; content:"www.hgklighting.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290690/; classtype:trojan-activity;sid:81153790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/public/zmgwlt/von-1844037011-33967254-cxfyqa84y8p-h4cfa/"; http_uri; depth:68; isdataat:!1,relative; content:"pilkom.ulm.ac.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290689/; classtype:trojan-activity;sid:81153789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vj29-ib-15/"; http_uri; depth:24; isdataat:!1,relative; content:"165.227.220.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290688/; classtype:trojan-activity;sid:81153788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/statement/"; http_uri; depth:23; isdataat:!1,relative; content:"texasvetsremodeling.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290687/; classtype:trojan-activity;sid:81153787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/woocommerce/llc/4h9s6q90th3f/5-747331-66751-f7rw-qm5g6az7sjh/"; http_uri; depth:83; isdataat:!1,relative; content:"rahebikaran.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290686/; classtype:trojan-activity;sid:81153786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ph1tb83yj/ozlxwe/"; http_uri; depth:18; isdataat:!1,relative; content:"onlinedhobi.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290685/; classtype:trojan-activity;sid:81153785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/7cem-8672713953-99609399-pyi7my4zl-zwsl72rnf/"; http_uri; depth:61; isdataat:!1,relative; content:"www.lanhuinet.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290684/; classtype:trojan-activity;sid:81153784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/docs/"; http_uri; depth:18; isdataat:!1,relative; content:"cascavelsexshop.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290683/; classtype:trojan-activity;sid:81153783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290682/; classtype:trojan-activity;sid:81153782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290681/; classtype:trojan-activity;sid:81153781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.15.73"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290680/; classtype:trojan-activity;sid:81153780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290679/; classtype:trojan-activity;sid:81153779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290678/; classtype:trojan-activity;sid:81153778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.206.172.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290677/; classtype:trojan-activity;sid:81153777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.192.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290676/; classtype:trojan-activity;sid:81153776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.100.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290675/; classtype:trojan-activity;sid:81153775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.51.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290674/; classtype:trojan-activity;sid:81153774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.45.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290673/; classtype:trojan-activity;sid:81153773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290672/; classtype:trojan-activity;sid:81153772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.247.160.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290671/; classtype:trojan-activity;sid:81153771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290670/; classtype:trojan-activity;sid:81153770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290669/; classtype:trojan-activity;sid:81153769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.204.105.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290668/; classtype:trojan-activity;sid:81153768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/site/jhtq-7rrmv-2764/"; http_uri; depth:22; isdataat:!1,relative; content:"agiletecnologia.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290667/; classtype:trojan-activity;sid:81153767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mbksle153jdsje/statement/"; http_uri; depth:26; isdataat:!1,relative; content:"wp.hby23.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290666/; classtype:trojan-activity;sid:81153766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r/dp7la"; http_uri; depth:8; isdataat:!1,relative; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290665/; classtype:trojan-activity;sid:81153765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/docs/"; http_uri; depth:17; isdataat:!1,relative; content:"newlifenaturecure.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290664/; classtype:trojan-activity;sid:81153764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9e8f8cq8/v5fyxj-th-045/"; http_uri; depth:24; isdataat:!1,relative; content:"samarsarani.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290663/; classtype:trojan-activity;sid:81153763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/statement/"; http_uri; depth:23; isdataat:!1,relative; content:"dr-prof-sachidanandasinha-dentalclinic.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290662/; classtype:trojan-activity;sid:81153762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vkkfdpw/documentation/"; http_uri; depth:23; isdataat:!1,relative; content:"ntc.learningapp.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290661/; classtype:trojan-activity;sid:81153761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/engl/sb3sj5tp-4b-451/"; http_uri; depth:22; isdataat:!1,relative; content:"argosactive.se"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290660/; classtype:trojan-activity;sid:81153760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/reporting/1y7g-674778760-898-6o1wzi1-z1dux5/"; http_uri; depth:54; isdataat:!1,relative; content:"www.ata.net.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290659/; classtype:trojan-activity;sid:81153759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qhzrp-t5kixlryjtt9ztp_rneanuvt-qj/"; http_uri; depth:43; isdataat:!1,relative; content:"welcomehouse.ca"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290658/; classtype:trojan-activity;sid:81153758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/"; http_uri; depth:21; isdataat:!1,relative; content:"nuvida.wavenex.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290657/; classtype:trojan-activity;sid:81153757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bell.config/oovuf/"; http_uri; depth:19; isdataat:!1,relative; content:"pontosat.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290656/; classtype:trojan-activity;sid:81153756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/8792319708/bzesg5h2nblw/"; http_uri; depth:34; isdataat:!1,relative; content:"www.stxaviersbharatpur.in"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290655/; classtype:trojan-activity;sid:81153755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/isaku139/document/kiriyso9v0l0/vbd-6927602-439719245-o1du5re-kblkwe875ka/"; http_uri; depth:74; isdataat:!1,relative; content:"kora3.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290654/; classtype:trojan-activity;sid:81153754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/advert/public/media/user_1waprryply/kyu/"; http_uri; depth:41; isdataat:!1,relative; content:"iphoneapps.co.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290653/; classtype:trojan-activity;sid:81153753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/lw24bd8/"; http_uri; depth:24; isdataat:!1,relative; content:"tantiesecret.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290652/; classtype:trojan-activity;sid:81153752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gu78xgl-r0u-1612/"; http_uri; depth:27; isdataat:!1,relative; content:"www.wilop.co"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290651/; classtype:trojan-activity;sid:81153751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/marzo/docs/9crpo1-583882-23410195-bvyxp-ppo01/"; http_uri; depth:47; isdataat:!1,relative; content:"201.149.83.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290650/; classtype:trojan-activity;sid:81153750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/55900/meoygk/"; http_uri; depth:23; isdataat:!1,relative; content:"thepaperberry.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290649/; classtype:trojan-activity;sid:81153749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.199.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290648/; classtype:trojan-activity;sid:81153748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"210.178.90.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290647/; classtype:trojan-activity;sid:81153747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290646/; classtype:trojan-activity;sid:81153746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.179.141.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290645/; classtype:trojan-activity;sid:81153745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290644/; classtype:trojan-activity;sid:81153744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.219.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290643/; classtype:trojan-activity;sid:81153743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.126.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290642/; classtype:trojan-activity;sid:81153742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/advanced-search/reporting/y6-2086357426-1279-rypbwgfi732-a7k6/"; http_uri; depth:63; isdataat:!1,relative; content:"xn--72ca5bpb8fxat5bgq6lpe.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290641/; classtype:trojan-activity;sid:81153741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/haqoyn/"; http_uri; depth:17; isdataat:!1,relative; content:"miniyam.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290640/; classtype:trojan-activity;sid:81153740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubkskw29clek/doc/"; http_uri; depth:18; isdataat:!1,relative; content:"profile.lgvgh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290639/; classtype:trojan-activity;sid:81153739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/scan/l-90573358-6372165-qw2p5i-sqt0fzspu7/"; http_uri; depth:55; isdataat:!1,relative; content:"www.xiaoxuewen.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290638/; classtype:trojan-activity;sid:81153738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww12/nflaoqy/"; http_uri; depth:14; isdataat:!1,relative; content:"hasiba.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290637/; classtype:trojan-activity;sid:81153737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/7ot5c-9w-72/"; http_uri; depth:22; isdataat:!1,relative; content:"podocentrum.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290636/; classtype:trojan-activity;sid:81153736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nslike/paclm/"; http_uri; depth:14; isdataat:!1,relative; content:"www.rapidex.co.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290635/; classtype:trojan-activity;sid:81153735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/media/overview/upb-96129001-15-7je7nqz9-ywhoia6o16/"; http_uri; depth:52; isdataat:!1,relative; content:"www.tecal.co"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290634/; classtype:trojan-activity;sid:81153734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5bxntxva"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290633/; classtype:trojan-activity;sid:81153733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/etrac/povaxu5/"; http_uri; depth:26; isdataat:!1,relative; content:"nativepicture.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290632/; classtype:trojan-activity;sid:81153732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/zvlhscch/"; http_uri; depth:19; isdataat:!1,relative; content:"projectsinpanvel.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290631/; classtype:trojan-activity;sid:81153731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sydxy2v39/b2xtv-0270396-54335-wtj9rvm-v1q5y4iit/"; http_uri; depth:57; isdataat:!1,relative; content:"hbsurfcity.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290630/; classtype:trojan-activity;sid:81153730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config.recognize/report/a9aom86ij9z/42-41939-871834826-0x0ztouwc-4uwo4g6/"; http_uri; depth:74; isdataat:!1,relative; content:"up-liner.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290629/; classtype:trojan-activity;sid:81153729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/b79b/fw-03-518/"; http_uri; depth:16; isdataat:!1,relative; content:"www.cankamimarlik.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290628/; classtype:trojan-activity;sid:81153728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/docs/qxz79q7k/"; http_uri; depth:24; isdataat:!1,relative; content:"filmfive.com.sg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290627/; classtype:trojan-activity;sid:81153727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/confort/payment/ow67gzim3t/"; http_uri; depth:28; isdataat:!1,relative; content:"nzndiamonds.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290626/; classtype:trojan-activity;sid:81153726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/05-t3h7r-49937/"; http_uri; depth:27; isdataat:!1,relative; content:"kensingtonhotelsuites.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290625/; classtype:trojan-activity;sid:81153725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/inc/8fsqmy/"; http_uri; depth:16; isdataat:!1,relative; content:"kimtgparish.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290624/; classtype:trojan-activity;sid:81153724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/agtnsuw/scan/kwmq84-875508-3898708-pxle1u9f12-uixjl/"; http_uri; depth:53; isdataat:!1,relative; content:"sparktv.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290623/; classtype:trojan-activity;sid:81153723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntaqcb/9piu6-sqm0-110/"; http_uri; depth:23; isdataat:!1,relative; content:"rongoamagic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290622/; classtype:trojan-activity;sid:81153722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290621/; classtype:trojan-activity;sid:81153721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.52.121.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290620/; classtype:trojan-activity;sid:81153720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.67.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290619/; classtype:trojan-activity;sid:81153719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290618/; classtype:trojan-activity;sid:81153718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290617/; classtype:trojan-activity;sid:81153717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.241.249.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290616/; classtype:trojan-activity;sid:81153716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.197.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290615/; classtype:trojan-activity;sid:81153715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290614/; classtype:trojan-activity;sid:81153714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.105.31.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290613/; classtype:trojan-activity;sid:81153713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.178.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290612/; classtype:trojan-activity;sid:81153712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290611/; classtype:trojan-activity;sid:81153711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290610/; classtype:trojan-activity;sid:81153710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.47.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290609/; classtype:trojan-activity;sid:81153709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290608/; classtype:trojan-activity;sid:81153708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/m9dbd48r2/"; http_uri; depth:26; isdataat:!1,relative; content:"www.emir-elbahr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290607/; classtype:trojan-activity;sid:81153707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/91ff9ac8b72d72bd1cce7f62cf2dfd5c/oct/"; http_uri; depth:38; isdataat:!1,relative; content:"sumaninds.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290606/; classtype:trojan-activity;sid:81153706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/am/bpixvedjb/"; http_uri; depth:14; isdataat:!1,relative; content:"125.26.165.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290605/; classtype:trojan-activity;sid:81153705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/satyavascular.com/doc/qg9xmhyv3/1x-08511-869-j2oi-1y2bthsehp/"; http_uri; depth:62; isdataat:!1,relative; content:"srikrishnamrudulahospital.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290604/; classtype:trojan-activity;sid:81153704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/t6rcw77-px-890151/"; http_uri; depth:40; isdataat:!1,relative; content:"rosieskin.webdep24h.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290603/; classtype:trojan-activity;sid:81153703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/njw5xh2na/v4-2662-13189656-fvod9e2-fay7a73e37/"; http_uri; depth:66; isdataat:!1,relative; content:"idthomes.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290602/; classtype:trojan-activity;sid:81153702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/swift/aurpa-590-19-509mc5-5j6j76mf/"; http_uri; depth:47; isdataat:!1,relative; content:"wellnessscientific.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290601/; classtype:trojan-activity;sid:81153701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp_backup20170801/lr40-lv-149/"; http_uri; depth:31; isdataat:!1,relative; content:"tokyo-plant.ui-test.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290600/; classtype:trojan-activity;sid:81153700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test777/protected-kvx8k8-irmydxtsxi6bfqs/5055840623-d9bzvlcot-cloud/j688ef8q-vss1zyw8/"; http_uri; depth:87; isdataat:!1,relative; content:"logitransport.com.ec"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290599/; classtype:trojan-activity;sid:81153699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-cgi/private-disk/verifiable-cloud/577060-kkqaj/"; http_uri; depth:52; isdataat:!1,relative; content:"lowcostcoachhire.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290598/; classtype:trojan-activity;sid:81153698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/doc/aq6du6zzg/v40w-3750594-3472405-4siz5hzyo-xiloh/"; http_uri; depth:59; isdataat:!1,relative; content:"indopixel.id"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290597/; classtype:trojan-activity;sid:81153697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qbix/etrac/we3mqml0l/"; http_uri; depth:22; isdataat:!1,relative; content:"13.127.108.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290596/; classtype:trojan-activity;sid:81153696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/31/ienpre94ikb/uvqqme137b0/"; http_uri; depth:28; isdataat:!1,relative; content:"163.13.182.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290595/; classtype:trojan-activity;sid:81153695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter-pdb3vtgfl/orqywn-mdd5-318/"; http_uri; depth:38; isdataat:!1,relative; content:"rgitabit.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290594/; classtype:trojan-activity;sid:81153694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/omlakdj17fkcjfsd/m2e5elx/uxv9i-365205352-001370-30ly-b7wyvde/"; http_uri; depth:62; isdataat:!1,relative; content:"sman1majenang.sch.id"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290593/; classtype:trojan-activity;sid:81153693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fab4417ca9506f6d0c4f5d263693f0e7/2ku3e-hx-8485/"; http_uri; depth:48; isdataat:!1,relative; content:"dtsadvance.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290592/; classtype:trojan-activity;sid:81153692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter-zkjdgnucq/balance/"; http_uri; depth:30; isdataat:!1,relative; content:"thefinancialworld.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290591/; classtype:trojan-activity;sid:81153691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/reporting/08rlfs3rkgpw/"; http_uri; depth:36; isdataat:!1,relative; content:"umcro.edummr.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290590/; classtype:trojan-activity;sid:81153690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/p0p9ui-22uw-796857/"; http_uri; depth:29; isdataat:!1,relative; content:"vonems.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290589/; classtype:trojan-activity;sid:81153689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/browse/"; http_uri; depth:19; isdataat:!1,relative; content:"www.verus.mx"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290588/; classtype:trojan-activity;sid:81153688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290587/; classtype:trojan-activity;sid:81153687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.36.4.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290586/; classtype:trojan-activity;sid:81153686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290585/; classtype:trojan-activity;sid:81153685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.59.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290584/; classtype:trojan-activity;sid:81153684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.98.234.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290583/; classtype:trojan-activity;sid:81153683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.155.216.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290582/; classtype:trojan-activity;sid:81153682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.134.240.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290581/; classtype:trojan-activity;sid:81153681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.220.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290580/; classtype:trojan-activity;sid:81153680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.148.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290579/; classtype:trojan-activity;sid:81153679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/browse/9c6hwetsp/xgse6x2-4403-87-8sfp9iq6-8zs3z/"; http_uri; depth:53; isdataat:!1,relative; content:"renaissancepathways.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290578/; classtype:trojan-activity;sid:81153678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290577/; classtype:trojan-activity;sid:81153677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spicybins.sh"; http_uri; depth:13; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290576/; classtype:trojan-activity;sid:81153676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290575/; classtype:trojan-activity;sid:81153675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290574/; classtype:trojan-activity;sid:81153674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290573/; classtype:trojan-activity;sid:81153673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290572/; classtype:trojan-activity;sid:81153672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"118.40.41.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290571/; classtype:trojan-activity;sid:81153671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290570/; classtype:trojan-activity;sid:81153670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290569/; classtype:trojan-activity;sid:81153669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290568/; classtype:trojan-activity;sid:81153668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290567/; classtype:trojan-activity;sid:81153667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290566/; classtype:trojan-activity;sid:81153666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"93.174.93.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290565/; classtype:trojan-activity;sid:81153665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/aj2o2c-5938724236-512968048-wyjckj3-u4wlr13u/"; http_uri; depth:55; isdataat:!1,relative; content:"www.sharedss.com.au"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290564/; classtype:trojan-activity;sid:81153664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gstore/documentation/dhjs1-711937117-07-glib-ji3kpi/"; http_uri; depth:53; isdataat:!1,relative; content:"onlineyogaplatform.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290563/; classtype:trojan-activity;sid:81153663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/lxaxxisj/"; http_uri; depth:17; isdataat:!1,relative; content:"rosemurphy.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290562/; classtype:trojan-activity;sid:81153662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rtynh/"; http_uri; depth:18; isdataat:!1,relative; content:"empleos.tuprimerlaburo.com.ar"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290561/; classtype:trojan-activity;sid:81153661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/omlakdj17fkcjfsd/2nzl9l2816/wo5eqm3mp/"; http_uri; depth:39; isdataat:!1,relative; content:"casinonadengi24.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290560/; classtype:trojan-activity;sid:81153660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qo65m/"; http_uri; depth:7; isdataat:!1,relative; content:"sml.bz"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290559/; classtype:trojan-activity;sid:81153659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vario/statement/wfczpkp2v/l5l6n-499-184-31f4ky-wpk9/"; http_uri; depth:53; isdataat:!1,relative; content:"hasler.de"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290558/; classtype:trojan-activity;sid:81153658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vgnjzwsv/"; http_uri; depth:19; isdataat:!1,relative; content:"www.51az.com.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290557/; classtype:trojan-activity;sid:81153657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spikyfishgames/parts_service/bu7ldn/"; http_uri; depth:37; isdataat:!1,relative; content:"pufferfiz.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290556/; classtype:trojan-activity;sid:81153656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/rpgdeiy4j8bv/nnk01a-6017448-3489-meeqwxsurj8-jevj/"; http_uri; depth:68; isdataat:!1,relative; content:"marcoscarbone.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290555/; classtype:trojan-activity;sid:81153655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/zumap/"; http_uri; depth:16; isdataat:!1,relative; content:"shop.farimweb.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290554/; classtype:trojan-activity;sid:81153654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/u-95154294-96-dk4ucjga-3oy5dh5n5k3o/"; http_uri; depth:62; isdataat:!1,relative; content:"www.merkmodeonline.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290553/; classtype:trojan-activity;sid:81153653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/esp/6bdtl-62890-43230192-c42tq8t53a-lmvzba9s4/"; http_uri; depth:56; isdataat:!1,relative; content:"wx.52tmm.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290552/; classtype:trojan-activity;sid:81153652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/7ww702-l1h2g-335/"; http_uri; depth:30; isdataat:!1,relative; content:"www.banqueteriajofre.cl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290551/; classtype:trojan-activity;sid:81153651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/docs/oowib93zc/"; http_uri; depth:27; isdataat:!1,relative; content:"pharmamammarx.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290550/; classtype:trojan-activity;sid:81153650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.74.228.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290549/; classtype:trojan-activity;sid:81153649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.151.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290548/; classtype:trojan-activity;sid:81153648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.31.253.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290547/; classtype:trojan-activity;sid:81153647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.96.87.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290546/; classtype:trojan-activity;sid:81153646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.189.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290545/; classtype:trojan-activity;sid:81153645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.155.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290544/; classtype:trojan-activity;sid:81153644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290543/; classtype:trojan-activity;sid:81153643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290542/; classtype:trojan-activity;sid:81153642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.10.192.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290541/; classtype:trojan-activity;sid:81153641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.104.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290540/; classtype:trojan-activity;sid:81153640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290539/; classtype:trojan-activity;sid:81153639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290538/; classtype:trojan-activity;sid:81153638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290537/; classtype:trojan-activity;sid:81153637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290536/; classtype:trojan-activity;sid:81153636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.33.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290535/; classtype:trojan-activity;sid:81153635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.23.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290534/; classtype:trojan-activity;sid:81153634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.151.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290533/; classtype:trojan-activity;sid:81153633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.54.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290532/; classtype:trojan-activity;sid:81153632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakattack/esp/qdrjrn539/"; http_uri; depth:25; isdataat:!1,relative; content:"luilao.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290531/; classtype:trojan-activity;sid:81153631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mestiz.old/713-tyre-484812/"; http_uri; depth:28; isdataat:!1,relative; content:"asciidev.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290530/; classtype:trojan-activity;sid:81153630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/engl/public/"; http_uri; depth:13; isdataat:!1,relative; content:"excasa3530.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290529/; classtype:trojan-activity;sid:81153629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ykrvy/"; http_uri; depth:19; isdataat:!1,relative; content:"rmntnk.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290528/; classtype:trojan-activity;sid:81153628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/6-5274517507-76268251-p41bmdaeyz-9nvc4ben9/"; http_uri; depth:63; isdataat:!1,relative; content:"concerthall.podolyany.com.ua"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290527/; classtype:trojan-activity;sid:81153627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/closed-disk/corporate-area/j2po4sz-634t8-27241/"; http_uri; depth:58; isdataat:!1,relative; content:"elntechnology.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290526/; classtype:trojan-activity;sid:81153626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/public/p4hsvhcrub/kg-9474-112895-st1aoi9cmy-seuhu6j66niv/"; http_uri; depth:67; isdataat:!1,relative; content:"www.ftpftpftp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290525/; classtype:trojan-activity;sid:81153625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/"; http_uri; depth:21; isdataat:!1,relative; content:"farsmix.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290524/; classtype:trojan-activity;sid:81153624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qq2-9q0-64671/"; http_uri; depth:26; isdataat:!1,relative; content:"thuong.bidiworks.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290523/; classtype:trojan-activity;sid:81153623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/esp/wrhaexov2wa/b7j-3592-26334-fmhwbnksz-lysinum8qsj/"; http_uri; depth:63; isdataat:!1,relative; content:"test-explorelanka.sensefeelit.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290522/; classtype:trojan-activity;sid:81153622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/8qb14b5/liu6hn6sn8/mvvlms-54431-436519-amdxv-a1ueqrkkc/"; http_uri; depth:67; isdataat:!1,relative; content:"ziyinshedege.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290521/; classtype:trojan-activity;sid:81153621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/edithluc/wr/"; http_uri; depth:13; isdataat:!1,relative; content:"am-concepts.ca"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290520/; classtype:trojan-activity;sid:81153620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/nizhm-9513510409-698-inojjhf3u40-5ud4kwqa03/"; http_uri; depth:63; isdataat:!1,relative; content:"sports.tj"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290519/; classtype:trojan-activity;sid:81153619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/balance/"; http_uri; depth:20; isdataat:!1,relative; content:"work4sales.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290518/; classtype:trojan-activity;sid:81153618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gp3kk11-pvbh2-8573/"; http_uri; depth:32; isdataat:!1,relative; content:"fmlnz.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290517/; classtype:trojan-activity;sid:81153617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/lm/7kcp1v/d-7431-8309903-cwtsrq3ty1-m1f2/"; http_uri; depth:52; isdataat:!1,relative; content:"elntechnology.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290516/; classtype:trojan-activity;sid:81153616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/paclm/hgv8aiah/49jkw-9497466004-52031009-hdiwyqcd-tcwrl/"; http_uri; depth:64; isdataat:!1,relative; content:"agtrade.hu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290515/; classtype:trojan-activity;sid:81153615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/internetmarketing/innxr-bx-61/"; http_uri; depth:31; isdataat:!1,relative; content:"geraldinehoran.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290514/; classtype:trojan-activity;sid:81153614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290513/; classtype:trojan-activity;sid:81153613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.25.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290512/; classtype:trojan-activity;sid:81153612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.212.242.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290511/; classtype:trojan-activity;sid:81153611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.33.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290510/; classtype:trojan-activity;sid:81153610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"24.46.82.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290509/; classtype:trojan-activity;sid:81153609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290508/; classtype:trojan-activity;sid:81153608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290507/; classtype:trojan-activity;sid:81153607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290506/; classtype:trojan-activity;sid:81153606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290505/; classtype:trojan-activity;sid:81153605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290504/; classtype:trojan-activity;sid:81153604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.177.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290503/; classtype:trojan-activity;sid:81153603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.97.153.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290502/; classtype:trojan-activity;sid:81153602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.179.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290501/; classtype:trojan-activity;sid:81153601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.86.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290500/; classtype:trojan-activity;sid:81153600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.139.93.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290499/; classtype:trojan-activity;sid:81153599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290498/; classtype:trojan-activity;sid:81153598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.53.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290497/; classtype:trojan-activity;sid:81153597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.237.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290496/; classtype:trojan-activity;sid:81153596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.105.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290495/; classtype:trojan-activity;sid:81153595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww12/oct/qffq-477928-4860912-jdxru7wo-b5jewrbjd7h/"; http_uri; depth:51; isdataat:!1,relative; content:"alterego.co.za"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290494/; classtype:trojan-activity;sid:81153594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gkw/scan/"; http_uri; depth:10; isdataat:!1,relative; content:"gabeclogston.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290493/; classtype:trojan-activity;sid:81153593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/connections/etkdyktu/"; http_uri; depth:22; isdataat:!1,relative; content:"grafikos.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290492/; classtype:trojan-activity;sid:81153592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/browse/a5c01z/ow00ep-803050457-943-b7h7r8-p5n7w42oukl/"; http_uri; depth:55; isdataat:!1,relative; content:"freamer.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290491/; classtype:trojan-activity;sid:81153591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/authenticar/1045480296181666/bqdki-9032-2340158-fawzrglqmk2-hura/"; http_uri; depth:66; isdataat:!1,relative; content:"ghostdesigners.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290490/; classtype:trojan-activity;sid:81153590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/upnpikai-n8-923/"; http_uri; depth:23; isdataat:!1,relative; content:"grafity-sk.sk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290489/; classtype:trojan-activity;sid:81153589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/inc/c0xuyi214/7r5l3kj-1024796-74-2iuf-h551wvonuab/"; http_uri; depth:51; isdataat:!1,relative; content:"globalmudra.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290488/; classtype:trojan-activity;sid:81153588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_mmserverscripts/chetfl/"; http_uri; depth:25; isdataat:!1,relative; content:"industriasrofo.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290487/; classtype:trojan-activity;sid:81153587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/lm/kw-77957118-3670-jm16-qx1n873n/"; http_uri; depth:39; isdataat:!1,relative; content:"grafdesign.pl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290486/; classtype:trojan-activity;sid:81153586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ehzdaioey/"; http_uri; depth:23; isdataat:!1,relative; content:"kelp4less.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290485/; classtype:trojan-activity;sid:81153585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/statement/va99le5hn/"; http_uri; depth:21; isdataat:!1,relative; content:"hotart.co.nz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290484/; classtype:trojan-activity;sid:81153584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lm/5agln-231-97622637-e1pi0k-brn9ybq3a/"; http_uri; depth:40; isdataat:!1,relative; content:"horal.sk"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290483/; classtype:trojan-activity;sid:81153583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290482/; classtype:trojan-activity;sid:81153582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290481/; classtype:trojan-activity;sid:81153581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.118.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290480/; classtype:trojan-activity;sid:81153580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.43.65.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290479/; classtype:trojan-activity;sid:81153579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.149.10.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290478/; classtype:trojan-activity;sid:81153578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.7.33.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290477/; classtype:trojan-activity;sid:81153577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.219.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290476/; classtype:trojan-activity;sid:81153576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290475/; classtype:trojan-activity;sid:81153575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290474/; classtype:trojan-activity;sid:81153574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290473/; classtype:trojan-activity;sid:81153573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290472/; classtype:trojan-activity;sid:81153572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290471/; classtype:trojan-activity;sid:81153571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.217.38.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290470/; classtype:trojan-activity;sid:81153570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290469/; classtype:trojan-activity;sid:81153569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290468/; classtype:trojan-activity;sid:81153568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.21.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290467/; classtype:trojan-activity;sid:81153567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.210.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290466/; classtype:trojan-activity;sid:81153566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/piano/oct/"; http_uri; depth:11; isdataat:!1,relative; content:"timdudley.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_17; reference:url, urlhaus.abuse.ch/url/290465/; classtype:trojan-activity;sid:81153565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/kqbmne/"; http_uri; depth:11; isdataat:!1,relative; content:"limpiezaslucel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290464/; classtype:trojan-activity;sid:81153564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww12/multifunctional-ejdvqat5as-f1fdkel24ub43/test-warehouse/bcfn9n47frzn-b2qv2rjql0/"; http_uri; depth:86; isdataat:!1,relative; content:"ironart.com.pl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290463/; classtype:trojan-activity;sid:81153563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/bx3kqr7s5k/37wi01kq/pzk1ik-7434879-51682-8yboia5sj-1b5ev4fuwf26/"; http_uri; depth:72; isdataat:!1,relative; content:"infoteccomputadores.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290462/; classtype:trojan-activity;sid:81153562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/unw8j6cd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290461/; classtype:trojan-activity;sid:81153561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/closed_box/special_warehouse/giz57m6_6v6x64wt/"; http_uri; depth:47; isdataat:!1,relative; content:"iprointeractive.ca"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290460/; classtype:trojan-activity;sid:81153560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/reporting/9176-2520-24509-7n9nu-oth99/"; http_uri; depth:47; isdataat:!1,relative; content:"iclenvironmental.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290459/; classtype:trojan-activity;sid:81153559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ualae/"; http_uri; depth:18; isdataat:!1,relative; content:"mediariser.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290458/; classtype:trojan-activity;sid:81153558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/9zji54xcntxi/"; http_uri; depth:22; isdataat:!1,relative; content:"indrikov.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290457/; classtype:trojan-activity;sid:81153557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/wilce_od91nmdjn_82dsj5hls_90x3/521541419349_jsq0ybww3q0au_space/wn39rpmq_am6max2nm2sk9/"; http_uri; depth:100; isdataat:!1,relative; content:"ga2.neomeric.us"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290456/; classtype:trojan-activity;sid:81153556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/documentation/okbz7ps-0116080326-334064558-zp79wgi21ts-yn8n6l/"; http_uri; depth:74; isdataat:!1,relative; content:"kozyrev.us"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290455/; classtype:trojan-activity;sid:81153555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/common-disk/external-area/e8goaul4-w1sx6ty/"; http_uri; depth:50; isdataat:!1,relative; content:"lanti.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290454/; classtype:trojan-activity;sid:81153554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/us/public/kmjgyavg29/w6-163-185510093-8yraws2-5hpk0832/"; http_uri; depth:56; isdataat:!1,relative; content:"laylalanemusic.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290453/; classtype:trojan-activity;sid:81153553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demos/lwebsrzie/"; http_uri; depth:17; isdataat:!1,relative; content:"multiesfera.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290452/; classtype:trojan-activity;sid:81153552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/open-833588-bu55sjbp9w/vrntyb-sp5rfenwkvia0-warehouse/39731718372-5lkqizdwf/"; http_uri; depth:86; isdataat:!1,relative; content:"lulamedia.dk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290451/; classtype:trojan-activity;sid:81153551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zipimport/sites/0xlh3ow9sqes/q2hfk-05961455-10056287-mp45tcd81i-tbte2bm/"; http_uri; depth:73; isdataat:!1,relative; content:"maservisni.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290450/; classtype:trojan-activity;sid:81153550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/single-room-2/closed-array/corporate-3710395-hlirvmrnbmjpdih/puipv9m9axqozjo-zu956sy4tzyv/"; http_uri; depth:91; isdataat:!1,relative; content:"manorviews.co.nz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290449/; classtype:trojan-activity;sid:81153549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/saloon/guwve535/"; http_uri; depth:17; isdataat:!1,relative; content:"siliquehair.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290448/; classtype:trojan-activity;sid:81153548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/oif3/"; http_uri; depth:14; isdataat:!1,relative; content:"ferrylegal.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290447/; classtype:trojan-activity;sid:81153547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/imagina/uzux24726/"; http_uri; depth:19; isdataat:!1,relative; content:"contactocontinuo.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290446/; classtype:trojan-activity;sid:81153546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-content/plugins/delete-all-comments/atb7t7123/"; http_uri; depth:55; isdataat:!1,relative; content:"codeproof.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290445/; classtype:trojan-activity;sid:81153545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/itz9w25/"; http_uri; depth:20; isdataat:!1,relative; content:"accurateastrologys.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290444/; classtype:trojan-activity;sid:81153544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pt/documentation/"; http_uri; depth:18; isdataat:!1,relative; content:"www.rusch.nu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290443/; classtype:trojan-activity;sid:81153543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/wx45mrxr/4fd4-460671359-04635249-ljfu3it-oi2cwywwzhuy/"; http_uri; depth:80; isdataat:!1,relative; content:"mazzottadj.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290442/; classtype:trojan-activity;sid:81153542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/c0n7-bl-4876/"; http_uri; depth:26; isdataat:!1,relative; content:"pipehouse.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290441/; classtype:trojan-activity;sid:81153541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/common_section/verified_profile/cfo12dsxcy_q8toznnpkbk/"; http_uri; depth:56; isdataat:!1,relative; content:"maxprofits.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290440/; classtype:trojan-activity;sid:81153540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/protected-zone/interior-space/yoc-51x7t41085us/"; http_uri; depth:59; isdataat:!1,relative; content:"mitienda.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290439/; classtype:trojan-activity;sid:81153539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/familyapp/ijb/"; http_uri; depth:15; isdataat:!1,relative; content:"noahheck.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290438/; classtype:trojan-activity;sid:81153538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/personal_section/security_forum/4774862740_dwfduhgejw3/"; http_uri; depth:64; isdataat:!1,relative; content:"multitable.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290437/; classtype:trojan-activity;sid:81153537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/91635/c0a1q-3095-02061-604id0wcn-kw0741/"; http_uri; depth:41; isdataat:!1,relative; content:"mugsyberger.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290436/; classtype:trojan-activity;sid:81153536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/multifunctional_tleazhb_ssuamip/kpudju8_mt5e0zn_warehouse/ctyng6n_v8v5wsyxu/"; http_uri; depth:88; isdataat:!1,relative; content:"mynotesfromnewengland.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290435/; classtype:trojan-activity;sid:81153535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sushi/dgsgxbg/"; http_uri; depth:15; isdataat:!1,relative; content:"proyectoin.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290434/; classtype:trojan-activity;sid:81153534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.236.73.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290433/; classtype:trojan-activity;sid:81153533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290432/; classtype:trojan-activity;sid:81153532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290431/; classtype:trojan-activity;sid:81153531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290430/; classtype:trojan-activity;sid:81153530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290429/; classtype:trojan-activity;sid:81153529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.4.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290428/; classtype:trojan-activity;sid:81153528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290427/; classtype:trojan-activity;sid:81153527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290426/; classtype:trojan-activity;sid:81153526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.185.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290425/; classtype:trojan-activity;sid:81153525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.195.55.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290424/; classtype:trojan-activity;sid:81153524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.123.250.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290423/; classtype:trojan-activity;sid:81153523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290422/; classtype:trojan-activity;sid:81153522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.240.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290421/; classtype:trojan-activity;sid:81153521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7etl2htodd/parts_service/o53zf-794128603-41-vcliti-uiyclb/"; http_uri; depth:59; isdataat:!1,relative; content:"ramun.ch"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290420/; classtype:trojan-activity;sid:81153520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/deze/files/ext/available-module/verified-area/4428232589-j7corpdpoyv/"; http_uri; depth:70; isdataat:!1,relative; content:"render.lt"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290419/; classtype:trojan-activity;sid:81153519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xjj/si71lzgq3foh_xd5gk3jbfh4_sector/security_46368467_txcfhmu20rem8/704771606906_omtjjd7rs6xggi/"; http_uri; depth:97; isdataat:!1,relative; content:"shagua.name"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290418/; classtype:trojan-activity;sid:81153518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pt/documentation/"; http_uri; depth:18; isdataat:!1,relative; content:"rusch.nu"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290417/; classtype:trojan-activity;sid:81153517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/denart/gfirca/"; http_uri; depth:15; isdataat:!1,relative; content:"schollaert.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290416/; classtype:trojan-activity;sid:81153516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/mf6f4/"; http_uri; depth:19; isdataat:!1,relative; content:"firelabo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290415/; classtype:trojan-activity;sid:81153515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wayne/lldo/"; http_uri; depth:12; isdataat:!1,relative; content:"beech.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290414/; classtype:trojan-activity;sid:81153514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubkoqn/"; http_uri; depth:8; isdataat:!1,relative; content:"ayonschools.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290413/; classtype:trojan-activity;sid:81153513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/i6ngx5/"; http_uri; depth:15; isdataat:!1,relative; content:"911concept.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290412/; classtype:trojan-activity;sid:81153512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/css/dist/2ew/"; http_uri; depth:26; isdataat:!1,relative; content:"amelano.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290411/; classtype:trojan-activity;sid:81153511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/closed_resource/verified_forum/6105851_hqalmoqkd27coype/"; http_uri; depth:57; isdataat:!1,relative; content:"nitech.mu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290408/; classtype:trojan-activity;sid:81153508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/closed-p6pby0-dctbc04mtt0roq/guarded-portal/kft6p8x4nt-w4xt058yv5402/"; http_uri; depth:81; isdataat:!1,relative; content:"onayturk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290407/; classtype:trojan-activity;sid:81153507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mudcafe/wia/"; http_uri; depth:13; isdataat:!1,relative; content:"spread.ooo"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290406/; classtype:trojan-activity;sid:81153506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/4350884_jfjb52ygh_33_4raxz0u68/individual_area/1c93_zs8y8xy8u4uz/"; http_uri; depth:73; isdataat:!1,relative; content:"photok.dk"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290404/; classtype:trojan-activity;sid:81153504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/mtez/"; http_uri; depth:22; isdataat:!1,relative; content:"creativeworld.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290403/; classtype:trojan-activity;sid:81153503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/common-section/special-yef7mqop22s-p88iisexhyib/906j-419s84v3z/"; http_uri; depth:73; isdataat:!1,relative; content:"luizazan.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290402/; classtype:trojan-activity;sid:81153502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xnddtnxg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290401/; classtype:trojan-activity;sid:81153501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/attachments/obl7yjqai9g/hl-764-024-4h919z84y-fbe9ulgdd/"; http_uri; depth:62; isdataat:!1,relative; content:"sukuosenos.lt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290400/; classtype:trojan-activity;sid:81153500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/available_resource/open_profile/ddeb5565aje_09uuv/"; http_uri; depth:51; isdataat:!1,relative; content:"subkhonov.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290399/; classtype:trojan-activity;sid:81153499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/produtos/parts_service/hewry8/"; http_uri; depth:31; isdataat:!1,relative; content:"topsystemautomacao.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290398/; classtype:trojan-activity;sid:81153498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/myideaspace/c32q0bmh-dm6-11018/"; http_uri; depth:32; isdataat:!1,relative; content:"devicesherpa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290397/; classtype:trojan-activity;sid:81153497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/common_disk/external_7345073791_ncx3qoue/cj4honb0y_9lrzx3wgba6n/"; http_uri; depth:71; isdataat:!1,relative; content:"sirikase.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290396/; classtype:trojan-activity;sid:81153496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/attachments/gl34l-98028-974604-x4czgv2wg-gk48/"; http_uri; depth:51; isdataat:!1,relative; content:"vasistas.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290395/; classtype:trojan-activity;sid:81153495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ofvcre-yg0g1-14/"; http_uri; depth:25; isdataat:!1,relative; content:"biomedmat.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290394/; classtype:trojan-activity;sid:81153494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/themeso/2dztf/"; http_uri; depth:15; isdataat:!1,relative; content:"constructorafpi.cl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290393/; classtype:trojan-activity;sid:81153493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pub/closed-section/security-warehouse/425579568637-fwqji/"; http_uri; depth:58; isdataat:!1,relative; content:"cvc.com.pl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290392/; classtype:trojan-activity;sid:81153492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/help/parts_service/72fio-744612-15522927-bcrr9w7-ihh4kpzez/"; http_uri; depth:60; isdataat:!1,relative; content:"ditec.com.my"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290391/; classtype:trojan-activity;sid:81153491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/personal_box/individual_portal/247955009787_hx56jotddne/"; http_uri; depth:65; isdataat:!1,relative; content:"dstny.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290390/; classtype:trojan-activity;sid:81153490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sk/xchskay/"; http_uri; depth:12; isdataat:!1,relative; content:"brutalfish.sk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290389/; classtype:trojan-activity;sid:81153489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/178154782751/7z7th1f0wgr/ny-8181603-569-d7rka-w2cdg/"; http_uri; depth:53; isdataat:!1,relative; content:"designartin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290388/; classtype:trojan-activity;sid:81153488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/private_84y2h7_7t2dd/open_w8k4od3r6pbt_cx5z4/rn5f3ico_g2o3l6sj/"; http_uri; depth:71; isdataat:!1,relative; content:"demetrio.pl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290387/; classtype:trojan-activity;sid:81153487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290386/; classtype:trojan-activity;sid:81153486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290385/; classtype:trojan-activity;sid:81153485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.32.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290384/; classtype:trojan-activity;sid:81153484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.38.25.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290383/; classtype:trojan-activity;sid:81153483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.3.180.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290382/; classtype:trojan-activity;sid:81153482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.64.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290381/; classtype:trojan-activity;sid:81153481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290380/; classtype:trojan-activity;sid:81153480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.238.35.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290379/; classtype:trojan-activity;sid:81153479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/2a6v976mj/"; http_uri; depth:23; isdataat:!1,relative; content:"faroholidays.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290378/; classtype:trojan-activity;sid:81153478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/imgs/protected_disk/pcs3luu_1j4mcw7j8_warehouse/46271528655501_lbz5rgjbh2lfm/"; http_uri; depth:78; isdataat:!1,relative; content:"elaboro.pl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290377/; classtype:trojan-activity;sid:81153477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/rm-pd-26/"; http_uri; depth:14; isdataat:!1,relative; content:"cnoenc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290376/; classtype:trojan-activity;sid:81153476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/we6nu1b6k1/dcyv-1349641-893-wuv26mbghwj-kho91cwx2/"; http_uri; depth:68; isdataat:!1,relative; content:"binaghetta.it"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290375/; classtype:trojan-activity;sid:81153475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ar_html/closed-flzrkbvz09llc7m-t6qpclvhz/external-warehouse/xxj2gt-77bkidno42/"; http_uri; depth:79; isdataat:!1,relative; content:"bitsnchips.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290374/; classtype:trojan-activity;sid:81153474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0vi127i8g9/"; http_uri; depth:12; isdataat:!1,relative; content:"bmserve.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290373/; classtype:trojan-activity;sid:81153473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2015_bwrose_www/protected_resource/close_chp5q_1qesysxltc/0608265426040_dfvjfhs8npkcx9jl/"; http_uri; depth:90; isdataat:!1,relative; content:"bwrose.pl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290372/; classtype:trojan-activity;sid:81153472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/webrep.ca/dlhr4-dy-84273/"; http_uri; depth:26; isdataat:!1,relative; content:"carlosmartins.ca"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290371/; classtype:trojan-activity;sid:81153471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/parts_service/6q6pwjj/"; http_uri; depth:31; isdataat:!1,relative; content:"cali.de"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290370/; classtype:trojan-activity;sid:81153470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/roundcube/installer/closed_array/test_ko5rmdah_j0zjuwd44mf1q6q/0w7s0f_t65z024526wt66/"; http_uri; depth:86; isdataat:!1,relative; content:"buybywe.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290369/; classtype:trojan-activity;sid:81153469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/imagina/browse/"; http_uri; depth:16; isdataat:!1,relative; content:"contactocontinuo.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290368/; classtype:trojan-activity;sid:81153468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/wajy/"; http_uri; depth:14; isdataat:!1,relative; content:"elgrande.com.hk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290367/; classtype:trojan-activity;sid:81153467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/androide/common-971872766-nwihhg/interior-space/81078604278304-i1nrs3fehky/"; http_uri; depth:76; isdataat:!1,relative; content:"camara.pro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290366/; classtype:trojan-activity;sid:81153466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gamecocklanes.com/swift/560wgd5nob2/"; http_uri; depth:37; isdataat:!1,relative; content:"expo300.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290365/; classtype:trojan-activity;sid:81153465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lacrosseleaguestats/9563044-6jpvoo2h9ydkeh-section/special-forum/brn7gq-jngjmks7eg5/"; http_uri; depth:85; isdataat:!1,relative; content:"compunetplus.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290364/; classtype:trojan-activity;sid:81153464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pub/overview/mvcl-925-34547227-jl5gklrj0qv-v63zyco79ita/"; http_uri; depth:57; isdataat:!1,relative; content:"f-plast.pl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290363/; classtype:trojan-activity;sid:81153463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww12/msnbarn/"; http_uri; depth:14; isdataat:!1,relative; content:"destilaria.tv"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290362/; classtype:trojan-activity;sid:81153462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/widgets/available_zone/individual_724772_rg2an9mray7wzgl/qzaf7qnck9fw5_8975t87900v6/"; http_uri; depth:85; isdataat:!1,relative; content:"cyzic.co.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290361/; classtype:trojan-activity;sid:81153461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.218.177.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290360/; classtype:trojan-activity;sid:81153460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pub/od3l-mzxf4y6g-module/security-area/083269430-xt8iei/"; http_uri; depth:57; isdataat:!1,relative; content:"flexistyle.com.pl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290359/; classtype:trojan-activity;sid:81153459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/attachments/fvmoi-0767-35021961-rx5regn-bb5yukg/"; http_uri; depth:55; isdataat:!1,relative; content:"paskha.biz.ua"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290358/; classtype:trojan-activity;sid:81153458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/friphoto/jkamdsm-ecpuk-441314/"; http_uri; depth:31; isdataat:!1,relative; content:"dr702.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290357/; classtype:trojan-activity;sid:81153457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/open-disk/ehw32di-wuxfzo6tn-q72nhfufhc-blyc8tzwovgg/b9ggfithvd-mpm7lv3djniz/"; http_uri; depth:85; isdataat:!1,relative; content:"dragonsknot.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290356/; classtype:trojan-activity;sid:81153456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/system/inc/seqrxy-483627-0862-3pj61ohg-4dxokenie/"; http_uri; depth:50; isdataat:!1,relative; content:"yojersey.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290355/; classtype:trojan-activity;sid:81153455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/multifunctional_resource/external_space/1mzb5jtap8cw6z3_654w82w3zv0zt/"; http_uri; depth:82; isdataat:!1,relative; content:"futurepath.fi"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290354/; classtype:trojan-activity;sid:81153454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/am/parts_service/nz1a5qf-27237-4768-wlq3g4oemt-58pq/"; http_uri; depth:53; isdataat:!1,relative; content:"angthong.nfe.go.th"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290353/; classtype:trojan-activity;sid:81153453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ipaskn/"; http_uri; depth:17; isdataat:!1,relative; content:"unity.revistamundonerd.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290352/; classtype:trojan-activity;sid:81153452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/83092392960/i-9850791-877481847-lnq52kes81q-vwps6mv/"; http_uri; depth:62; isdataat:!1,relative; content:"xn--zelokul-80a.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290351/; classtype:trojan-activity;sid:81153451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/7oipsqliz-jijjhkqqounkd7-module/special-portal/h7fhr6eyp4y-yvtt0379/"; http_uri; depth:80; isdataat:!1,relative; content:"kvartura.vn.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290350/; classtype:trojan-activity;sid:81153450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.200.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290349/; classtype:trojan-activity;sid:81153449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.11.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290348/; classtype:trojan-activity;sid:81153448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290347/; classtype:trojan-activity;sid:81153447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.60.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290346/; classtype:trojan-activity;sid:81153446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290345/; classtype:trojan-activity;sid:81153445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.17.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290344/; classtype:trojan-activity;sid:81153444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290343/; classtype:trojan-activity;sid:81153443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290342/; classtype:trojan-activity;sid:81153442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290341/; classtype:trojan-activity;sid:81153441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.226.209.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290340/; classtype:trojan-activity;sid:81153440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jaextmanager_data/payment/unkjy4xle/"; http_uri; depth:37; isdataat:!1,relative; content:"afweb.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290339/; classtype:trojan-activity;sid:81153439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mbksle153jdsje/wcdsnx/"; http_uri; depth:23; isdataat:!1,relative; content:"owly.cl"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290338/; classtype:trojan-activity;sid:81153438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tabibi/common-disk/corporate-520747086963-4fkvd97lccrvz/osoaq-iengnnju5a/"; http_uri; depth:74; isdataat:!1,relative; content:"united-vision.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290337/; classtype:trojan-activity;sid:81153437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/3yixas-3060-3716-rnh47-svd7c5q5zg/"; http_uri; depth:52; isdataat:!1,relative; content:"www.arsestetica.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290336/; classtype:trojan-activity;sid:81153436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/ry0y0kjox4u/s-17820736-5722592-pg0y0igc-5paid6/"; http_uri; depth:69; isdataat:!1,relative; content:"zapisi.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290335/; classtype:trojan-activity;sid:81153435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/multifunctional_disk/verifiable_profile/to5iymx0un_s2s3y1732w/"; http_uri; depth:72; isdataat:!1,relative; content:"glissandobigband.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290334/; classtype:trojan-activity;sid:81153434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wmjqlv/qf5306m5u7cj/"; http_uri; depth:21; isdataat:!1,relative; content:"xoweb.cn"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290333/; classtype:trojan-activity;sid:81153433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chiropractic/237ssd7saq/closed-zone/open-portal/09048781-vp9jnib/"; http_uri; depth:66; isdataat:!1,relative; content:"gentlechirocenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290332/; classtype:trojan-activity;sid:81153432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/database/statement/"; http_uri; depth:20; isdataat:!1,relative; content:"amnda.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290331/; classtype:trojan-activity;sid:81153431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/tts4sry6s02/n-39193239-0161-z58tvys-b4gzvwd/"; http_uri; depth:54; isdataat:!1,relative; content:"tuyensinhv2.elo.edu.vn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290330/; classtype:trojan-activity;sid:81153430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xmlimport/u7x743/"; http_uri; depth:18; isdataat:!1,relative; content:"www.volvorotterdam.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290329/; classtype:trojan-activity;sid:81153429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pc5079/"; http_uri; depth:19; isdataat:!1,relative; content:"trends.nextg.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290328/; classtype:trojan-activity;sid:81153428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pts_bilderupload/ssiylk/"; http_uri; depth:25; isdataat:!1,relative; content:"www.expertencall.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290327/; classtype:trojan-activity;sid:81153427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aujq/rym608/"; http_uri; depth:13; isdataat:!1,relative; content:"stlucieairways.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290326/; classtype:trojan-activity;sid:81153426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/5xuvxjs/"; http_uri; depth:18; isdataat:!1,relative; content:"vanezas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290325/; classtype:trojan-activity;sid:81153425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vasdjgfasdhfasd/sgfhsytrhgf.php"; http_uri; depth:32; isdataat:!1,relative; content:"3.88.133.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290324/; classtype:trojan-activity;sid:81153424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p-16-5.dll"; http_uri; depth:11; isdataat:!1,relative; content:"nxcvjksdhiougfhiosdgfsgdfohsoidfhc16c.s3.us-east-2.amazonaws.com"; http_host; depth:64; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290323/; classtype:trojan-activity;sid:81153423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/closed-048088730-rygdhsu5fyyq0g/additional-warehouse/q3jcu8tu-ukmoys7nm1kffu/"; http_uri; depth:89; isdataat:!1,relative; content:"www.mikaparking.co.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290322/; classtype:trojan-activity;sid:81153422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qw5oph_w5zmn86nbjz_035bla0_4wfgqnvcysr/139213509_d3itaw_00212998_rxqu7ghx1ly/433775_p"; http_uri; depth:94; isdataat:!1,relative; content:"pantaiharapan-berau.desa.id"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290321/; classtype:trojan-activity;sid:81153421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtuu/protected-section/special-9881232-b25qpdsdynbjuw2/qdz1tp1xlcvz-np6nk0imt/"; http_uri; depth:79; isdataat:!1,relative; content:"p5p5.cn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290320/; classtype:trojan-activity;sid:81153420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ad/doc/8ukv1rmlwwz/quuk1wy-87205-75-zo125yc35t-si424r81v/"; http_uri; depth:58; isdataat:!1,relative; content:"adesenhar.pt"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290319/; classtype:trojan-activity;sid:81153419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/application/balance/inc/"; http_uri; depth:25; isdataat:!1,relative; content:"hazel-azure.co.th"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290318/; classtype:trojan-activity;sid:81153418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/statement/aq9l8t3/drdba-347288-52479189-96cs-sb9n/"; http_uri; depth:63; isdataat:!1,relative; content:"www.farkliboyut.com.tr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290317/; classtype:trojan-activity;sid:81153417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app.php"; http_uri; depth:8; isdataat:!1,relative; content:"sripalanimalaimurugan.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290316/; classtype:trojan-activity;sid:81153416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app.php"; http_uri; depth:8; isdataat:!1,relative; content:"www.westmetro.com.ph"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290315/; classtype:trojan-activity;sid:81153415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/w14mxbp1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290314/; classtype:trojan-activity;sid:81153414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/loading/ime0a3-5ga-2870726553/"; http_uri; depth:31; isdataat:!1,relative; content:"roseperfeito.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290313/; classtype:trojan-activity;sid:81153413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hector/public/public/"; http_uri; depth:22; isdataat:!1,relative; content:"68.183.139.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290312/; classtype:trojan-activity;sid:81153412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/exclusive/gvdktv/"; http_uri; depth:18; isdataat:!1,relative; content:"www.builditexpress.co.uk"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290311/; classtype:trojan-activity;sid:81153411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/pbsetj/"; http_uri; depth:27; isdataat:!1,relative; content:"nguoidepxumuong.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290310/; classtype:trojan-activity;sid:81153410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x92k25/stphhur/"; http_uri; depth:16; isdataat:!1,relative; content:"adampettycreative.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290309/; classtype:trojan-activity;sid:81153409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/5gvh2bvxjk-adyl4d-51055/"; http_uri; depth:35; isdataat:!1,relative; content:"biztreemgmt.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290308/; classtype:trojan-activity;sid:81153408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/item_print/multifunctional_disk/additional_area/3t8zeg_kijy3r87/"; http_uri; depth:65; isdataat:!1,relative; content:"www.fleetlit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290307/; classtype:trojan-activity;sid:81153407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/attachments/vojx2diyt3a0/"; http_uri; depth:35; isdataat:!1,relative; content:"upull.grayandwhite.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290306/; classtype:trojan-activity;sid:81153406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/multifunctional_disk/close_warehouse/1fntxsp4l9_zuu1830ts/"; http_uri; depth:71; isdataat:!1,relative; content:"68.183.84.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290305/; classtype:trojan-activity;sid:81153405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290304/; classtype:trojan-activity;sid:81153404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.158.71.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290303/; classtype:trojan-activity;sid:81153403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.219.244.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290302/; classtype:trojan-activity;sid:81153402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.35.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290301/; classtype:trojan-activity;sid:81153401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.115.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290300/; classtype:trojan-activity;sid:81153400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.148.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290299/; classtype:trojan-activity;sid:81153399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.62.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290298/; classtype:trojan-activity;sid:81153398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.176.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290297/; classtype:trojan-activity;sid:81153397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.52.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290296/; classtype:trojan-activity;sid:81153396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.59.134.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290295/; classtype:trojan-activity;sid:81153395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.4.184.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290294/; classtype:trojan-activity;sid:81153394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.188.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290293/; classtype:trojan-activity;sid:81153393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vwemvqni/"; http_uri; depth:19; isdataat:!1,relative; content:"keterstorage.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290292/; classtype:trojan-activity;sid:81153392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ewww/wvo4jx/"; http_uri; depth:24; isdataat:!1,relative; content:"lula.vm-host.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290291/; classtype:trojan-activity;sid:81153391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/g6tj/"; http_uri; depth:18; isdataat:!1,relative; content:"mdspgrp.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290290/; classtype:trojan-activity;sid:81153390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/content/ylcmztn/"; http_uri; depth:17; isdataat:!1,relative; content:"hoem.staging.pixelcarve.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290289/; classtype:trojan-activity;sid:81153389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/mhj4x/"; http_uri; depth:19; isdataat:!1,relative; content:"raquelstrutz.edutrovao.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290288/; classtype:trojan-activity;sid:81153388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kfcuow/"; http_uri; depth:17; isdataat:!1,relative; content:"zhangpalace.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290287/; classtype:trojan-activity;sid:81153387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.x86"; http_uri; depth:18; isdataat:!1,relative; content:"5.182.210.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290286/; classtype:trojan-activity;sid:81153386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"5.182.210.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290285/; classtype:trojan-activity;sid:81153385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.mips"; http_uri; depth:19; isdataat:!1,relative; content:"5.182.210.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290284/; classtype:trojan-activity;sid:81153384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"5.182.210.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290283/; classtype:trojan-activity;sid:81153383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"5.182.210.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290282/; classtype:trojan-activity;sid:81153382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"5.182.210.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290281/; classtype:trojan-activity;sid:81153381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm"; http_uri; depth:18; isdataat:!1,relative; content:"5.182.210.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290280/; classtype:trojan-activity;sid:81153380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/oct/69fbq2pf9/"; http_uri; depth:24; isdataat:!1,relative; content:"propertyinpanvel.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290279/; classtype:trojan-activity;sid:81153379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/m99brk-nm-15376/"; http_uri; depth:25; isdataat:!1,relative; content:"dubrovnik.offbeat.guide"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290278/; classtype:trojan-activity;sid:81153378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/49deaai/92497875319306427/3x77f3kv155p/"; http_uri; depth:40; isdataat:!1,relative; content:"phbarangays.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290277/; classtype:trojan-activity;sid:81153377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal-96c9zqz4eoio2mga-ymss2jk/corporate-warehouse/6380749593659-ncg1x7awcpy/"; http_uri; depth:90; isdataat:!1,relative; content:"electronicramblingman.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290276/; classtype:trojan-activity;sid:81153376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/extend/available_array/external_f6ny62weyclufe_zxosksvq09wg3/30414445_iwo4teolux8ym1rb/"; http_uri; depth:88; isdataat:!1,relative; content:"xcx.leadscloud.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290275/; classtype:trojan-activity;sid:81153375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fmubh/il8nbgn3-d28u-09768/"; http_uri; depth:27; isdataat:!1,relative; content:"marketplacesnow.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290274/; classtype:trojan-activity;sid:81153374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/sites/22uzzew7glzb/5-149754596-28280080-upc1acrk-7ob4n/"; http_uri; depth:65; isdataat:!1,relative; content:"www.xhcmnews.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290273/; classtype:trojan-activity;sid:81153373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qhzrp-t5kixlryjtt9ztp_rneanuvt-qj/in_body2020-01-16"; http_uri; depth:60; isdataat:!1,relative; content:"welcomehouse.ca"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290272/; classtype:trojan-activity;sid:81153372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/private-6002550-vafpwiaz3uu/1xgm2v09x8jl-sj4eggl-696036274142-xyjqtr/9239177093-wor1ebgnf9nneex/"; http_uri; depth:102; isdataat:!1,relative; content:"nextpost.company"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290271/; classtype:trojan-activity;sid:81153371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/attachments/"; http_uri; depth:22; isdataat:!1,relative; content:"robottracuum.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290270/; classtype:trojan-activity;sid:81153370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/doc/"; http_uri; depth:13; isdataat:!1,relative; content:"anhungled.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290269/; classtype:trojan-activity;sid:81153369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xeg/"; http_uri; depth:14; isdataat:!1,relative; content:"draminamali.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290268/; classtype:trojan-activity;sid:81153368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/file/8ty2ptp/"; http_uri; depth:17; isdataat:!1,relative; content:"salonchienkelvin.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290267/; classtype:trojan-activity;sid:81153367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wf/clickupn=zdtba4w7fk9zewqxqp8lae-2b1olpnsf6-2birbfxjlxhvxtynlarl2p5rww-2bxfccvcrt-2fypthv7jh0cp9xfpa8v5lyrljk4igzrlcwdhk-2bf0c0xycis5uzb6-2f9jsxbky-2byb7sbanazkfpcjsicyynmq8w6aczr7m-2brfkoenazqtdcm-3d_6fsvafth23c9cvblozpmw-2fyxtxuvckl9bzu-2b4wdvqqawcn9wtrb-2f2l8wnmsrhjyhrcjvi-2fceo-2fg4tggdxdh2dwmkfnhw4wvz1leqy23gp22h15m5kkylae2anjvfgwxsjcszszoghmagmr-2f-2bac0x-2bwur47n3havidrxlzelsymxr48thvluwav7vxinadd2dvtq3zmadqwuaje9ukj-2bd4cyzcpmyxgmwodxjipjt8dqqk8qo4vwrutmblnq2ohyt/"; http_uri; depth:479; isdataat:!1,relative; content:"u3373545.ct.sendgrid.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290266/; classtype:trojan-activity;sid:81153366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/"; http_uri; depth:16; isdataat:!1,relative; content:"berjisposhak.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290265/; classtype:trojan-activity;sid:81153365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/activity/statement/jopen1-74940671-50-v7yxiv3g7-nsbdn0hup17/"; http_uri; depth:61; isdataat:!1,relative; content:"arc.nrru.ac.th"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290264/; classtype:trojan-activity;sid:81153364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.241.224.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290263/; classtype:trojan-activity;sid:81153363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.156.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290262/; classtype:trojan-activity;sid:81153362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.226.156.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290261/; classtype:trojan-activity;sid:81153361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.0.82.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290260/; classtype:trojan-activity;sid:81153360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.199.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290259/; classtype:trojan-activity;sid:81153359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290258/; classtype:trojan-activity;sid:81153358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290257/; classtype:trojan-activity;sid:81153357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftn/invoice/v-1275626081-3329904-cjdkoj-9c0zdn/"; http_uri; depth:48; isdataat:!1,relative; content:"debugger.sk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290256/; classtype:trojan-activity;sid:81153356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/intervalo09012020/or%c3%a7amento2020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290255/; classtype:trojan-activity;sid:81153355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/intervalo09012020/or%c3%a7amento2020-2.zip"; http_uri; depth:43; isdataat:!1,relative; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290254/; classtype:trojan-activity;sid:81153354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/intervalo09012020/or%c3%a7amento2020-1.zip"; http_uri; depth:43; isdataat:!1,relative; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290253/; classtype:trojan-activity;sid:81153353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/portalnfeletronica/nfeletronica03012020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290252/; classtype:trojan-activity;sid:81153352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/invoice/0vg38k-15607600-8667-3mpajjk8-j55iokaml6h/"; http_uri; depth:65; isdataat:!1,relative; content:"en.novemtech.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290251/; classtype:trojan-activity;sid:81153351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/statement/"; http_uri; depth:19; isdataat:!1,relative; content:"fp.upy.ac.id"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290250/; classtype:trojan-activity;sid:81153350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cd/nk.exe"; http_uri; depth:10; isdataat:!1,relative; content:"mellle.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290249/; classtype:trojan-activity;sid:81153349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kn/qu.exe"; http_uri; depth:10; isdataat:!1,relative; content:"mellle.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290248/; classtype:trojan-activity;sid:81153348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jslyzyxy/wu702wusdraj-3f4r45q-sector/8lcix33w-k8l1-space/cdtsgctl2al-lrbnk3yjfl9/"; http_uri; depth:82; isdataat:!1,relative; content:"demo.yzccit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290247/; classtype:trojan-activity;sid:81153347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aguero/aguero.exe"; http_uri; depth:18; isdataat:!1,relative; content:"masabikpanel.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290246/; classtype:trojan-activity;sid:81153346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/invoice/"; http_uri; depth:18; isdataat:!1,relative; content:"farmasi.unram.ac.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290245/; classtype:trojan-activity;sid:81153345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8wl3h/common_sector/special_space/mj69p_y7y0tx0uu8xuzz/"; http_uri; depth:56; isdataat:!1,relative; content:"18.216.104.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290244/; classtype:trojan-activity;sid:81153344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/saloon/document/"; http_uri; depth:17; isdataat:!1,relative; content:"ihairextension.co.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290243/; classtype:trojan-activity;sid:81153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wlrdxb/"; http_uri; depth:27; isdataat:!1,relative; content:"engetrate.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290242/; classtype:trojan-activity;sid:81153342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/report/rptn1s-6130-8206459-rpf1f7-971ntpc35c6j/"; http_uri; depth:57; isdataat:!1,relative; content:"hoangduongknitwear.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290241/; classtype:trojan-activity;sid:81153341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bolld/bolld.exe"; http_uri; depth:16; isdataat:!1,relative; content:"masabikpanel.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290240/; classtype:trojan-activity;sid:81153340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/1n8ibd/jo7-51454-1274-dl2ftp2wsi-v1qxrohrc8m/"; http_uri; depth:64; isdataat:!1,relative; content:"jeremiahyap.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290239/; classtype:trojan-activity;sid:81153339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/yfyvxdrs/"; http_uri; depth:19; isdataat:!1,relative; content:"ft.bem.unram.ac.id"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290238/; classtype:trojan-activity;sid:81153338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/loulou/manager.exe"; http_uri; depth:19; isdataat:!1,relative; content:"a84bl82rni.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290237/; classtype:trojan-activity;sid:81153337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/p9bvk6nspq-3siav4ijrhhwu6w-section/external-area/3931921-jwhcvy3nu/"; http_uri; depth:77; isdataat:!1,relative; content:"houz01.website24g.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290236/; classtype:trojan-activity;sid:81153336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/report/whteypq7/"; http_uri; depth:36; isdataat:!1,relative; content:"kingsland.systemsolution.me"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290235/; classtype:trojan-activity;sid:81153335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/private-disk/individual-5c0fht6spt-lso637997l9ptg/lu7vynvm-y2x3xvz873908/"; http_uri; depth:86; isdataat:!1,relative; content:"fordphamvandong.com.vn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290234/; classtype:trojan-activity;sid:81153334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/public/9i2bgu3se5/"; http_uri; depth:30; isdataat:!1,relative; content:"khannamdo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290233/; classtype:trojan-activity;sid:81153333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/remit/remittance.ps1"; http_uri; depth:21; isdataat:!1,relative; content:"cityofboston.us"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290232/; classtype:trojan-activity;sid:81153332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/remit/payadvice.ps1"; http_uri; depth:20; isdataat:!1,relative; content:"cityofboston.us"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290231/; classtype:trojan-activity;sid:81153331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/3qmai9r-k7hc-2676/"; http_uri; depth:30; isdataat:!1,relative; content:"aapi.co.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290230/; classtype:trojan-activity;sid:81153330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ejuv0zq1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290229/; classtype:trojan-activity;sid:81153329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/blkb7myu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290228/; classtype:trojan-activity;sid:81153328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/karat/wmanager.exe"; http_uri; depth:19; isdataat:!1,relative; content:"a84bl82rni.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290227/; classtype:trojan-activity;sid:81153327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/zfpdebwb7jgm/q3ckn-7785352-0162763-z33sob9f-iwqe0qh/"; http_uri; depth:71; isdataat:!1,relative; content:"nazmulhossainbd.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290226/; classtype:trojan-activity;sid:81153326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/fwv981g-qvvnoaajqb-udgntnir5-8fkv7cr5n6z/security-warehouse/yswc52mu7y3fo2-724s2sz1x3/"; http_uri; depth:95; isdataat:!1,relative; content:"irismin.co.za"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290225/; classtype:trojan-activity;sid:81153325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pay/scan/e55h8omipahn/ubp0pu-0540232-56331-hll8kzk2d-ucb2/"; http_uri; depth:59; isdataat:!1,relative; content:"osama-developer.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290224/; classtype:trojan-activity;sid:81153324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sezu/multifunctional_array/special_portal/z7kjc_264x4t0wv364x/"; http_uri; depth:63; isdataat:!1,relative; content:"www.margalaksana.desa.id"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290223/; classtype:trojan-activity;sid:81153323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/"; http_uri; depth:20; isdataat:!1,relative; content:"mudalang.tanahbumbukab.go.id"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290222/; classtype:trojan-activity;sid:81153322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/closed_module/corporate_063447942_sbvnfgfjk7mu/916243719077_3lvcjyjbsixi99fz/"; http_uri; depth:89; isdataat:!1,relative; content:"nazacrane.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290221/; classtype:trojan-activity;sid:81153321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.96.183.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290220/; classtype:trojan-activity;sid:81153320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.110.16.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290219/; classtype:trojan-activity;sid:81153319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.121.174.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290218/; classtype:trojan-activity;sid:81153318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290217/; classtype:trojan-activity;sid:81153317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.99.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290216/; classtype:trojan-activity;sid:81153316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290215/; classtype:trojan-activity;sid:81153315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.118.212.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290214/; classtype:trojan-activity;sid:81153314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.32.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290213/; classtype:trojan-activity;sid:81153313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sydneytax/public/fvxo-4992-899-v5law5u6e-dgw699lw/"; http_uri; depth:51; isdataat:!1,relative; content:"omnionlineservices.com.au"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290212/; classtype:trojan-activity;sid:81153312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/26432537-6mbjpz-resource/verifiable-warehouse/4142456-5bjpj/"; http_uri; depth:72; isdataat:!1,relative; content:"outsourceoctopus.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290211/; classtype:trojan-activity;sid:81153311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/858m3p5/nqh9j8-zg9f-6735/"; http_uri; depth:26; isdataat:!1,relative; content:"demo-progenajans.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290210/; classtype:trojan-activity;sid:81153310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/asn/swift/"; http_uri; depth:11; isdataat:!1,relative; content:"qsds.go.th"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290209/; classtype:trojan-activity;sid:81153309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lnkvjs235jdhsed/113617_ddc2r9ft2_zone/special_prri8au85r87m_6vf/9bgbmzcd9rr1n4yj_24ww3/"; http_uri; depth:88; isdataat:!1,relative; content:"pubpush.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290208/; classtype:trojan-activity;sid:81153308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/report/af6p-7922-3434-uemhcsgz6yk-4h19v8tz3j/"; http_uri; depth:55; isdataat:!1,relative; content:"smksultanahasma.edu.my"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290207/; classtype:trojan-activity;sid:81153307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/common-95291068999-xwrvzebttw8cq8qo/individual-portal/u2nwor-iz9050vnt/"; http_uri; depth:81; isdataat:!1,relative; content:"politic.weggli.website"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290206/; classtype:trojan-activity;sid:81153306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update/brhwephv/"; http_uri; depth:17; isdataat:!1,relative; content:"jfedemo.dubondinfotech.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290205/; classtype:trojan-activity;sid:81153305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/speechspace/oct/w4d4wlvag/e9-44109126-652-44u4hd1-xeq1bnk02/"; http_uri; depth:61; isdataat:!1,relative; content:"phphosting.osvin.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290204/; classtype:trojan-activity;sid:81153304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/private_resource/yyhjtmns/"; http_uri; depth:31; isdataat:!1,relative; content:"www.freexulai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290203/; classtype:trojan-activity;sid:81153303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/"; http_uri; depth:18; isdataat:!1,relative; content:"salvihvv.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290202/; classtype:trojan-activity;sid:81153302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/available_sector/verifiable_cxcyb95tlf_ort716pc0/9085042_hqztv6m4ib5t/"; http_uri; depth:82; isdataat:!1,relative; content:"smr-63.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290201/; classtype:trojan-activity;sid:81153301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/iesp7ft16sl/"; http_uri; depth:28; isdataat:!1,relative; content:"superlite.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290200/; classtype:trojan-activity;sid:81153300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rgnxlhtz-ne-79/"; http_uri; depth:27; isdataat:!1,relative; content:"gitep.ucpel.edu.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290199/; classtype:trojan-activity;sid:81153299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/common_zone/interior_r80re_az2nbviy5pss1/qz3pv64u_v053wuz4w/"; http_uri; depth:70; isdataat:!1,relative; content:"lapmangfpthanoi.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290198/; classtype:trojan-activity;sid:81153298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/it/attachments/dc8ia70s69/a0mjvo-2759481736-34665-bu86k3st-5hsgn/"; http_uri; depth:66; isdataat:!1,relative; content:"test.wuwdigital.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290197/; classtype:trojan-activity;sid:81153297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/data/ciuc_yyxry7zog3kt_1712344674_owhkx8vkfdfef/interior_profile/f5v3j89hta_swsx/"; http_uri; depth:82; isdataat:!1,relative; content:"amathanhhoa.edu.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290196/; classtype:trojan-activity;sid:81153296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nfhowi0-4m-6193/"; http_uri; depth:29; isdataat:!1,relative; content:"www.omstarfabricators.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290195/; classtype:trojan-activity;sid:81153295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpressjwi/wp-content/etrac/t1-204863787-350310-bufc-u7ewo6rvr/"; http_uri; depth:66; isdataat:!1,relative; content:"testyourwebsitenow.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290194/; classtype:trojan-activity;sid:81153294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/760773767_79sppvf2zr_array/interior_mkwcp7apnr_7p7j/1b4ymppksvb_h5smuhiq1/"; http_uri; depth:79; isdataat:!1,relative; content:"www.freexulai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290193/; classtype:trojan-activity;sid:81153293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/public/b74c21wm8/ro6gn-283-194-3qtoqpvbjh9-zjyb1wqf8zj/"; http_uri; depth:65; isdataat:!1,relative; content:"wangjiaolian.club"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290192/; classtype:trojan-activity;sid:81153292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/nzzqyyphb/"; http_uri; depth:14; isdataat:!1,relative; content:"tourntreksolutions.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290191/; classtype:trojan-activity;sid:81153291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/closed-n35ptksaz-ih46ik3qh/individual-lvd5m4x8-01k4klv2/uyf8sns4t-zmgbialm9i6y/"; http_uri; depth:89; isdataat:!1,relative; content:"whatmakesdifference.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290190/; classtype:trojan-activity;sid:81153290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/73sfyfdu9moh/nlwwuq-789862-48106739-wg9s-234du87n/"; http_uri; depth:70; isdataat:!1,relative; content:"www.donebydewitt.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290189/; classtype:trojan-activity;sid:81153289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3jnv8bac"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290188/; classtype:trojan-activity;sid:81153288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftk/e25z-p7fvfin9-section/open-portal/z6by7d49qq-0w0tut7w9u/"; http_uri; depth:61; isdataat:!1,relative; content:"www.cmsw.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290187/; classtype:trojan-activity;sid:81153287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3d57f2e29e98620afff23821ebb7f915/available-disk/additional-area/79214980286-zcbds/"; http_uri; depth:83; isdataat:!1,relative; content:"www.healthcorner.ae"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290186/; classtype:trojan-activity;sid:81153286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/balance/buyruyyw2alx/mo7-32391-959231-7wdvs-cbdubbkb/"; http_uri; depth:66; isdataat:!1,relative; content:"pedagogika.ndpi.uz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290185/; classtype:trojan-activity;sid:81153285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290184/; classtype:trojan-activity;sid:81153284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.188.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290183/; classtype:trojan-activity;sid:81153283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290182/; classtype:trojan-activity;sid:81153282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.96.166.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290181/; classtype:trojan-activity;sid:81153281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.209.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290180/; classtype:trojan-activity;sid:81153280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290179/; classtype:trojan-activity;sid:81153279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.94.82.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290178/; classtype:trojan-activity;sid:81153278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290177/; classtype:trojan-activity;sid:81153277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.71.120.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290176/; classtype:trojan-activity;sid:81153276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.110.18.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290175/; classtype:trojan-activity;sid:81153275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290174/; classtype:trojan-activity;sid:81153274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.73.188.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290173/; classtype:trojan-activity;sid:81153273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290172/; classtype:trojan-activity;sid:81153272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/common-yy7-j6ln1ix5puwur/guarded-676273059306-n9cj4s1zgox6/295318862-zuzvlgd69yepakve/"; http_uri; depth:96; isdataat:!1,relative; content:"zinoautoindustries.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290171/; classtype:trojan-activity;sid:81153271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/ebyvrc-4925316-692798400-jffd-cazoc1eudirv/"; http_uri; depth:49; isdataat:!1,relative; content:"test.ffmpoman.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290170/; classtype:trojan-activity;sid:81153270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/private-resource/corporate-y736qvdxcrrtvr-e72/pndimnam6gia-iguwnx4gx/"; http_uri; depth:76; isdataat:!1,relative; content:"www.partyatthebeach.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290168/; classtype:trojan-activity;sid:81153268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/twvq89xe/"; http_uri; depth:27; isdataat:!1,relative; content:"ourociclo.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290167/; classtype:trojan-activity;sid:81153267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrm/tfnoozaf/"; http_uri; depth:14; isdataat:!1,relative; content:"burakbayraktaroglu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290166/; classtype:trojan-activity;sid:81153266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iovswu/closed-84850-t6hxnnypjxuz/external-cloud/9wv50vwtxh-6zjvvyo1vz6ld/"; http_uri; depth:74; isdataat:!1,relative; content:"trienviet.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290165/; classtype:trojan-activity;sid:81153265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/edu-xoop/scan/3-966763-876667361-oguhwn5v-ft6y7t23j/"; http_uri; depth:53; isdataat:!1,relative; content:"www.bluedog.tw"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290164/; classtype:trojan-activity;sid:81153264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mi/swift/7tcso47mit1/p1v2hua-53400-919137-zraknb-3oj8c3zimoif/"; http_uri; depth:63; isdataat:!1,relative; content:"www.ppmakrifatulilmi.or.id"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290163/; classtype:trojan-activity;sid:81153263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/common-module/security-cloud/amg5b-rllnm2dggft2i/"; http_uri; depth:62; isdataat:!1,relative; content:"www.mois.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290162/; classtype:trojan-activity;sid:81153262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rrm/40g-a2wp-3090/"; http_uri; depth:19; isdataat:!1,relative; content:"burakbayraktaroglu.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290161/; classtype:trojan-activity;sid:81153261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/5wr1d_z7jw3rdygfy_u1hkux_op6xoa5yd/close_area/9675308_txeqjb2o/"; http_uri; depth:75; isdataat:!1,relative; content:"liverarte.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290160/; classtype:trojan-activity;sid:81153260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/documentation/40-8723721-33993907-ag3hzmygx-szj8/"; http_uri; depth:58; isdataat:!1,relative; content:"www.satang2.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290159/; classtype:trojan-activity;sid:81153259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/64vvfq/emcworfc/"; http_uri; depth:17; isdataat:!1,relative; content:"ocl.giipinfo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290158/; classtype:trojan-activity;sid:81153258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/igaksolzu/"; http_uri; depth:20; isdataat:!1,relative; content:"volkvangrada.mda20.staging.rapide.software"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290157/; classtype:trojan-activity;sid:81153257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/4w6lecjsu7-io4l5p-12794/"; http_uri; depth:34; isdataat:!1,relative; content:"wordpress-209154-1095414.cloudwaysapps.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290156/; classtype:trojan-activity;sid:81153256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/aokvcm/"; http_uri; depth:16; isdataat:!1,relative; content:"reports.pixelcarve.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290155/; classtype:trojan-activity;sid:81153255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ixr/g3n-9tb9-46/"; http_uri; depth:29; isdataat:!1,relative; content:"atme.miri.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290154/; classtype:trojan-activity;sid:81153254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wofk253jeksed/b6v73wj-8svw-3832/"; http_uri; depth:33; isdataat:!1,relative; content:"myphamonline.chotayninh.vn"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290153/; classtype:trojan-activity;sid:81153253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/closed_zone/test_forum/42057603_hphxgtvflblfif/"; http_uri; depth:59; isdataat:!1,relative; content:"johnsuch.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290152/; classtype:trojan-activity;sid:81153252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-admin/lm/"; http_uri; depth:16; isdataat:!1,relative; content:"bncc.ac.th"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290151/; classtype:trojan-activity;sid:81153251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/contactus/open_disk/additional_cloud/79926548823_a82hw3/"; http_uri; depth:57; isdataat:!1,relative; content:"prolificfurnitures.in"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290150/; classtype:trojan-activity;sid:81153250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/reporting/fq25w5m3ruaq/6s1p-2312455007-8189-y76u2jpngtm-3yyr6in3/"; http_uri; depth:75; isdataat:!1,relative; content:"www.wellsports.biz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290149/; classtype:trojan-activity;sid:81153249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/iecgcfa/"; http_uri; depth:19; isdataat:!1,relative; content:"cameli.vn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290148/; classtype:trojan-activity;sid:81153248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/open-1kjko8fkk1-ysttqo4ug/open-forum/6bock82q168xbdp-37v5493xx/"; http_uri; depth:75; isdataat:!1,relative; content:"hebreoenlinea-chms.mx"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290147/; classtype:trojan-activity;sid:81153247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/fw4i-543280-494-zsrxyi-gyy4/"; http_uri; depth:43; isdataat:!1,relative; content:"champamusic.000webhostapp.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290146/; classtype:trojan-activity;sid:81153246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"//test777/protected-kvx8k8-irmydxtsxi6bfqs/5055840623-d9bzvlcot-cloud/j688ef8q-vss1zyw8/"; http_uri; depth:88; isdataat:!1,relative; content:"logitransport.com.ec"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290145/; classtype:trojan-activity;sid:81153245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/jwkyhl/"; http_uri; depth:18; isdataat:!1,relative; content:"cameli.vn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290144/; classtype:trojan-activity;sid:81153244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web_map/scan/n6vviw/91-9769365-692-d6wna-9hik0nvlkrl/"; http_uri; depth:54; isdataat:!1,relative; content:"newgrowth.marketing"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290143/; classtype:trojan-activity;sid:81153243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/protected-section/external-forum/029173743-9gqqpvhethw/"; http_uri; depth:68; isdataat:!1,relative; content:"nusantara86.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290142/; classtype:trojan-activity;sid:81153242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/t17a4o-5688-3202674-vsgoz3iw-lknm0wxih/"; http_uri; depth:59; isdataat:!1,relative; content:"jsd618.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290141/; classtype:trojan-activity;sid:81153241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/5181988547_p8osqze9xh2pwdno_section/open_space/vb1kl7ivx1vy_htost6lj4s6gh/"; http_uri; depth:85; isdataat:!1,relative; content:"cameli.vn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290140/; classtype:trojan-activity;sid:81153240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demo/andywordpress/wp-content/payment/yz3ocshxn/1mzzdrn-32645675-361-lh46ru-zm3yhc5juppi/"; http_uri; depth:90; isdataat:!1,relative; content:"atomlines.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290139/; classtype:trojan-activity;sid:81153239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/lmkwu1/hz8397-374316-77673-ec8jd7-kwvikth6m4/"; http_uri; depth:62; isdataat:!1,relative; content:"pantaiharapan-berau.desa.id"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290138/; classtype:trojan-activity;sid:81153238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.136.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290137/; classtype:trojan-activity;sid:81153237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290136/; classtype:trojan-activity;sid:81153236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.52.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290135/; classtype:trojan-activity;sid:81153235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290134/; classtype:trojan-activity;sid:81153234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290133/; classtype:trojan-activity;sid:81153233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.127.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290132/; classtype:trojan-activity;sid:81153232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290131/; classtype:trojan-activity;sid:81153231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290130/; classtype:trojan-activity;sid:81153230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.134.133.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290129/; classtype:trojan-activity;sid:81153229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/6q4wno8eoqx9i/8r3580019/"; http_uri; depth:44; isdataat:!1,relative; content:"cncgate.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290128/; classtype:trojan-activity;sid:81153228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/grohafln/"; http_uri; depth:19; isdataat:!1,relative; content:"panganobat.lipi.go.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290127/; classtype:trojan-activity;sid:81153227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/9-032702-4112933-y6jk-78m63nd0b2/"; http_uri; depth:42; isdataat:!1,relative; content:"philippines.findsr.co"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290126/; classtype:trojan-activity;sid:81153226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/balance/m-648596620-1750069-31e6-2ir24360ufl/"; http_uri; depth:54; isdataat:!1,relative; content:"www.materialsscienceconferences.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290125/; classtype:trojan-activity;sid:81153225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qhsk.dat"; http_uri; depth:9; isdataat:!1,relative; content:"yestroy-bg.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290124/; classtype:trojan-activity;sid:81153224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gkae.dat"; http_uri; depth:9; isdataat:!1,relative; content:"yestroy-bg.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290123/; classtype:trojan-activity;sid:81153223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/keoiq.dat"; http_uri; depth:10; isdataat:!1,relative; content:"yestroy-bg.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290122/; classtype:trojan-activity;sid:81153222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rahebikaran.ir/ckzi/"; http_uri; depth:21; isdataat:!1,relative; content:"salnamemohammad.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290121/; classtype:trojan-activity;sid:81153221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vcpo/qnq19phwadke/nkdru-4998011-10-qq4m9og2-d2ka5hesau4/"; http_uri; depth:57; isdataat:!1,relative; content:"www.jntv.tv"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290120/; classtype:trojan-activity;sid:81153220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/..j/arm7"; http_uri; depth:9; isdataat:!1,relative; content:"91.92.66.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290119/; classtype:trojan-activity;sid:81153219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/..j/arm"; http_uri; depth:8; isdataat:!1,relative; content:"91.92.66.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290118/; classtype:trojan-activity;sid:81153218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/..j/.j"; http_uri; depth:7; isdataat:!1,relative; content:"91.92.66.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290117/; classtype:trojan-activity;sid:81153217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.44.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290116/; classtype:trojan-activity;sid:81153216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/protected-module/verified-624541052-vvvwaapkbahmfwq/4111544711-2losmmi6f/"; http_uri; depth:74; isdataat:!1,relative; content:"omanfleethtml.neomeric.us"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290115/; classtype:trojan-activity;sid:81153215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/paclm/wl6-815419-816878-j2nqd0ufog-5rbqljnx1lns/"; http_uri; depth:56; isdataat:!1,relative; content:"drurmilasoman.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290114/; classtype:trojan-activity;sid:81153214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tag/wp0p9xw4-0k-635/"; http_uri; depth:21; isdataat:!1,relative; content:"student.iiatlanta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290113/; classtype:trojan-activity;sid:81153213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/honpawk24jdsa/statement/w6cl-8191-2013434-p5fe-ulnh48smm/"; http_uri; depth:58; isdataat:!1,relative; content:"epzsz.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290112/; classtype:trojan-activity;sid:81153212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gstore/closed_section/test_warehouse/824070_iehq1zxxzm/"; http_uri; depth:56; isdataat:!1,relative; content:"econsultio.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290111/; classtype:trojan-activity;sid:81153211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/report/kv7kqr/"; http_uri; depth:24; isdataat:!1,relative; content:"www.tigersbytribals.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290110/; classtype:trojan-activity;sid:81153210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/5pvz-h9wqj-77075/"; http_uri; depth:29; isdataat:!1,relative; content:"www.wxet.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290109/; classtype:trojan-activity;sid:81153209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/closed-732298038222-v9cnm8fubxi1/guarded-space/vyvlk-j0f5n67haklsh/"; http_uri; depth:77; isdataat:!1,relative; content:"www.innovation4crisis.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290108/; classtype:trojan-activity;sid:81153208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sxllakyx9u/"; http_uri; depth:20; isdataat:!1,relative; content:"demo.artesfide.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290107/; classtype:trojan-activity;sid:81153207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/7g6f/7g6f/"; http_uri; depth:20; isdataat:!1,relative; content:"panvelpropertyproject.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290106/; classtype:trojan-activity;sid:81153206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toolsl/k7nje10245/"; http_uri; depth:19; isdataat:!1,relative; content:"niuconstruction.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290105/; classtype:trojan-activity;sid:81153205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/z8jm5lop/"; http_uri; depth:29; isdataat:!1,relative; content:"pbs.onsisdev.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290104/; classtype:trojan-activity;sid:81153204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lh/"; http_uri; depth:15; isdataat:!1,relative; content:"guilhermebasilio.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290103/; classtype:trojan-activity;sid:81153203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xhjsw/"; http_uri; depth:16; isdataat:!1,relative; content:"www.nnjastudio.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290102/; classtype:trojan-activity;sid:81153202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/yz98swy6/"; http_uri; depth:19; isdataat:!1,relative; content:"giatlalaocai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290101/; classtype:trojan-activity;sid:81153201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/tznj/"; http_uri; depth:13; isdataat:!1,relative; content:"www.meggie-jp.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290100/; classtype:trojan-activity;sid:81153200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/mtq/"; http_uri; depth:14; isdataat:!1,relative; content:"maphagroup.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290099/; classtype:trojan-activity;sid:81153199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rcz9/"; http_uri; depth:17; isdataat:!1,relative; content:"ajhmanamlak.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290098/; classtype:trojan-activity;sid:81153198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/4to1k2ymv/"; http_uri; depth:26; isdataat:!1,relative; content:"freshbooking.nrglobal.asia"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290097/; classtype:trojan-activity;sid:81153197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin.exe"; http_uri; depth:8; isdataat:!1,relative; content:"milappresses.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290096/; classtype:trojan-activity;sid:81153196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.bin"; http_uri; depth:10; isdataat:!1,relative; content:"sugracreeks.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290095/; classtype:trojan-activity;sid:81153195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/closed-array/qcgsd2-ni64bb5zvln5ob-30833278308-2gxql87pqq/719669387126-njvjh0ke0fsicv/"; http_uri; depth:96; isdataat:!1,relative; content:"masjidmarketing.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290094/; classtype:trojan-activity;sid:81153194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/22ggv8z-ma0p-49/"; http_uri; depth:36; isdataat:!1,relative; content:"omuzgor.tj"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290093/; classtype:trojan-activity;sid:81153193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/open_section/test_portal/2030872788_diotenzg/"; http_uri; depth:57; isdataat:!1,relative; content:"teleblog24.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290092/; classtype:trojan-activity;sid:81153192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gabbiano/protected-box/open-1ijitaup1-ywax/pbytwdpoywe-hie39rjfqohno/"; http_uri; depth:70; isdataat:!1,relative; content:"www.gabbianoonlus.it"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290091/; classtype:trojan-activity;sid:81153191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/latssnvp.bin"; http_uri; depth:13; isdataat:!1,relative; content:"185.29.10.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290090/; classtype:trojan-activity;sid:81153190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/managerl/protected-array/security-space/7538535878320-oajm57cre8r3/"; http_uri; depth:68; isdataat:!1,relative; content:"quintaldearteseterapia.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290089/; classtype:trojan-activity;sid:81153189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/zrhso-v1-9731/"; http_uri; depth:26; isdataat:!1,relative; content:"www.hometrotting.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290088/; classtype:trojan-activity;sid:81153188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lalea/available-box/schauquo8xju3-rg6m2o5wxa-portal/ie4k0lxl-9em3huhlnvej/"; http_uri; depth:75; isdataat:!1,relative; content:"phongduc.com.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290087/; classtype:trojan-activity;sid:81153187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/no.exe"; http_uri; depth:10; isdataat:!1,relative; content:"turnkeycre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290086/; classtype:trojan-activity;sid:81153186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.236.37.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290085/; classtype:trojan-activity;sid:81153185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290084/; classtype:trojan-activity;sid:81153184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"95.32.167.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290083/; classtype:trojan-activity;sid:81153183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.14.15.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290082/; classtype:trojan-activity;sid:81153182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/et0a/4cgvk2-205h-968/"; http_uri; depth:22; isdataat:!1,relative; content:"blog.kpourkarite.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290081/; classtype:trojan-activity;sid:81153181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/protected_sector/test_warehouse/304200_pga3vr/"; http_uri; depth:58; isdataat:!1,relative; content:"www.hosting8493.af94e.netcup.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290080/; classtype:trojan-activity;sid:81153180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/l31-nr-49/"; http_uri; depth:23; isdataat:!1,relative; content:"glimpse.com.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290079/; classtype:trojan-activity;sid:81153179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pfkj/croduodf-asuysvf4b534m-section/hlgtju6q-dzmcjtb5-forum/v7qsqgkvz-qvhwy6a8n8/"; http_uri; depth:82; isdataat:!1,relative; content:"releases.hubble.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290078/; classtype:trojan-activity;sid:81153178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/l7hyd/private_sector/9411952_80txjhdkks_cloud/za6ahbfsa_tsux0s4591x/"; http_uri; depth:69; isdataat:!1,relative; content:"myb2bcoach.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290077/; classtype:trojan-activity;sid:81153177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/welcomes.exe"; http_uri; depth:13; isdataat:!1,relative; content:"185.29.10.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290076/; classtype:trojan-activity;sid:81153176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/hfrulx/"; http_uri; depth:23; isdataat:!1,relative; content:"drbaterias.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290075/; classtype:trojan-activity;sid:81153175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arinze/arinze.exe"; http_uri; depth:18; isdataat:!1,relative; content:"masabikpanel.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290074/; classtype:trojan-activity;sid:81153174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x4jqp8bg/kp022z-hi-48082/"; http_uri; depth:26; isdataat:!1,relative; content:"hassan-khalaj.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290073/; classtype:trojan-activity;sid:81153173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rnmx88e5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290072/; classtype:trojan-activity;sid:81153172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/closed-disk/corporate-warehouse/fzv-5z5933/"; http_uri; depth:49; isdataat:!1,relative; content:"www.starhrs.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290071/; classtype:trojan-activity;sid:81153171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/f21ar5hw/s0hy-451116509-382830-2zdx-vtlyh2yis/"; http_uri; depth:63; isdataat:!1,relative; content:"drbaterias.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290070/; classtype:trojan-activity;sid:81153170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/adobe-reader-pdf-plugin-5.1.2.exe"; http_uri; depth:38; isdataat:!1,relative; content:"www.3agirl.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290069/; classtype:trojan-activity;sid:81153169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/k0j-50qq-334/"; http_uri; depth:23; isdataat:!1,relative; content:"draminamali.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290068/; classtype:trojan-activity;sid:81153168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/closed-module/guarded-portal/853512718402-3tqalpoumh7/"; http_uri; depth:64; isdataat:!1,relative; content:"panvelpropertyproject.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290067/; classtype:trojan-activity;sid:81153167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sites/9oqkdnv-442160231-7008-derhy4058k-s4mth04hp/"; http_uri; depth:63; isdataat:!1,relative; content:"www.iguatemycontainers.hospedagemdesites.ws"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290066/; classtype:trojan-activity;sid:81153166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.107.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290065/; classtype:trojan-activity;sid:81153165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.171.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290064/; classtype:trojan-activity;sid:81153164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.52.179.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290063/; classtype:trojan-activity;sid:81153163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.216.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290062/; classtype:trojan-activity;sid:81153162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.4.193.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290061/; classtype:trojan-activity;sid:81153161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.105.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290060/; classtype:trojan-activity;sid:81153160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.211.64.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290059/; classtype:trojan-activity;sid:81153159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.149.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290058/; classtype:trojan-activity;sid:81153158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.35.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290057/; classtype:trojan-activity;sid:81153157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290056/; classtype:trojan-activity;sid:81153156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290055/; classtype:trojan-activity;sid:81153155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/protected_disk/122176_tk45usaprkf87_cloud/7kw0_2x07w4w0x4w/"; http_uri; depth:63; isdataat:!1,relative; content:"kolpino-sppk.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290054/; classtype:trojan-activity;sid:81153154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploadfile/ueditor/image/20190301/10327905pdf.png"; http_uri; depth:50; isdataat:!1,relative; content:"di10.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290053/; classtype:trojan-activity;sid:81153153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pc/po.exe"; http_uri; depth:10; isdataat:!1,relative; content:"mellle.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290052/; classtype:trojan-activity;sid:81153152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gstore/protected-array/additional-portal/ll1fodlowtn-n4fh0zh7ndow/"; http_uri; depth:67; isdataat:!1,relative; content:"arlive.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290051/; classtype:trojan-activity;sid:81153151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/reporting/jz9y9ezipeha/pxvbhc-0379630719-29141102-npg0yf8xnvc-8qyz8o6ukm/"; http_uri; depth:85; isdataat:!1,relative; content:"alac.vn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290050/; classtype:trojan-activity;sid:81153150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/q0djob-6hc-95718/"; http_uri; depth:30; isdataat:!1,relative; content:"visahot365.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290049/; classtype:trojan-activity;sid:81153149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/parts_service/jwkbeqa/"; http_uri; depth:33; isdataat:!1,relative; content:"wpdev.strativ-support.se"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290048/; classtype:trojan-activity;sid:81153148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/protected_section/verifiable_6v1ac0mtzba6iz_julns/11t7zr_vodt1fuf/"; http_uri; depth:81; isdataat:!1,relative; content:"www.bestcompany.eng.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290047/; classtype:trojan-activity;sid:81153147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/public/desfiurh98m1/9qocxg-31561-520-sjs4od4i-zwiml/"; http_uri; depth:65; isdataat:!1,relative; content:"reenasfashions.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290046/; classtype:trojan-activity;sid:81153146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/66767160384_fwfgurkzb24n_section/guarded_mcds9fxvzt_xnxlgdv62pd/5705149_dxtgf8xxr/"; http_uri; depth:94; isdataat:!1,relative; content:"www.plglbd.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290045/; classtype:trojan-activity;sid:81153145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/bnbyabwji/"; http_uri; depth:19; isdataat:!1,relative; content:"linda.sokakbul.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290044/; classtype:trojan-activity;sid:81153144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/odbn5587x-gm6n8yx-753/"; http_uri; depth:35; isdataat:!1,relative; content:"annual-impact-report-2017.sobrato.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290043/; classtype:trojan-activity;sid:81153143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ix5y-5tv51eak-64127912/"; http_uri; depth:33; isdataat:!1,relative; content:"coreipservices.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290042/; classtype:trojan-activity;sid:81153142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/waxbuymw/"; http_uri; depth:21; isdataat:!1,relative; content:"www.yule007.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290041/; classtype:trojan-activity;sid:81153141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/4inw-w9ygjt-852967646/"; http_uri; depth:36; isdataat:!1,relative; content:"blh.bettercre.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290040/; classtype:trojan-activity;sid:81153140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zfan-u5m-47/"; http_uri; depth:22; isdataat:!1,relative; content:"cheapwebvn.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290039/; classtype:trojan-activity;sid:81153139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/report/lexg7528kag/90w-31485164-834-pjhlff-nz42yl/"; http_uri; depth:63; isdataat:!1,relative; content:"indochains.ventgor.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290038/; classtype:trojan-activity;sid:81153138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/955623-owl12pmkhu7mvr-490541-kzjjee/open-portal/mz5os1afgnw37-34wvvu9v/"; http_uri; depth:83; isdataat:!1,relative; content:"er24.com.ar"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290037/; classtype:trojan-activity;sid:81153137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"79.40.107.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290036/; classtype:trojan-activity;sid:81153136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/reporting/3gz-991579-468759681-a8i5-ru18xmmw2ct5/"; http_uri; depth:53; isdataat:!1,relative; content:"pdfdownload.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290035/; classtype:trojan-activity;sid:81153135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zooka/multifunctional-961877464-fwxexkzz78kmbm/410095-9nw7ch-ccdwci5r-mwwughih/657706-ywg4d/"; http_uri; depth:93; isdataat:!1,relative; content:"anaiskoivisto.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290034/; classtype:trojan-activity;sid:81153134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"182.233.0.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290033/; classtype:trojan-activity;sid:81153133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/statement/"; http_uri; depth:22; isdataat:!1,relative; content:"www.mellydiacosmetik.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290032/; classtype:trojan-activity;sid:81153132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paytabs/7285044_vv7tcvxh_resource/test_emsr79_1179alely1/cmyoff_weekwvzz/"; http_uri; depth:74; isdataat:!1,relative; content:"deals.autostar.com.sa"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290031/; classtype:trojan-activity;sid:81153131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal-box/verified-135660-w7h4mv/8ehtgonaz-i4tbajlz725rw/"; http_uri; depth:70; isdataat:!1,relative; content:"playlife17.ir"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290030/; classtype:trojan-activity;sid:81153130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/jdf/"; http_uri; depth:26; isdataat:!1,relative; content:"blog.fastcommerz.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290029/; classtype:trojan-activity;sid:81153129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9b27905b275987900e62033d319ca929/am215266/"; http_uri; depth:43; isdataat:!1,relative; content:"baotintuc60.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290028/; classtype:trojan-activity;sid:81153128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shf/fgv8yvzxbg/"; http_uri; depth:16; isdataat:!1,relative; content:"blog.schlichte.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290027/; classtype:trojan-activity;sid:81153127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/fjqkf46951/"; http_uri; depth:23; isdataat:!1,relative; content:"osmimedia.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290026/; classtype:trojan-activity;sid:81153126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/kk685629/"; http_uri; depth:29; isdataat:!1,relative; content:"www.thehto.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290025/; classtype:trojan-activity;sid:81153125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paytabs/available_zone/5621654735_wk8cxfcdi5_ct4_wl7xfnqijara/560402_yo7iogevjgug4c/"; http_uri; depth:85; isdataat:!1,relative; content:"deals.autostar.com.sa"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290024/; classtype:trojan-activity;sid:81153124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/c8nplju/"; http_uri; depth:20; isdataat:!1,relative; content:"stayfitphysio.ca"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290023/; classtype:trojan-activity;sid:81153123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/common_disk/test_area/bwczxnyijdl_n276rhht/"; http_uri; depth:56; isdataat:!1,relative; content:"www.shackcom.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290022/; classtype:trojan-activity;sid:81153122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/docs/2awyqyvuu/"; http_uri; depth:20; isdataat:!1,relative; content:"mattans.com.sg"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290021/; classtype:trojan-activity;sid:81153121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_oud/etrac/ygitibrt45/bszk1-848-7430-rbxvrt5xj-qlak4ggw3/"; http_uri; depth:58; isdataat:!1,relative; content:"theoriekort.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290020/; classtype:trojan-activity;sid:81153120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/htum63ickwvw2_mhnfd_ou75xck_n1wgs6x/verified_area/99030729526277_lfi0z4f/"; http_uri; depth:78; isdataat:!1,relative; content:"revasa.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290019/; classtype:trojan-activity;sid:81153119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.183.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290018/; classtype:trojan-activity;sid:81153118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.228.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290017/; classtype:trojan-activity;sid:81153117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.185.118.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290016/; classtype:trojan-activity;sid:81153116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.83.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290015/; classtype:trojan-activity;sid:81153115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.24.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290014/; classtype:trojan-activity;sid:81153114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290013/; classtype:trojan-activity;sid:81153113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.222.207.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290012/; classtype:trojan-activity;sid:81153112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.56.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290011/; classtype:trojan-activity;sid:81153111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.117.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290010/; classtype:trojan-activity;sid:81153110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290009/; classtype:trojan-activity;sid:81153109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.41.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290008/; classtype:trojan-activity;sid:81153108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.3.115.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290007/; classtype:trojan-activity;sid:81153107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.211.65.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290006/; classtype:trojan-activity;sid:81153106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.45.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290005/; classtype:trojan-activity;sid:81153105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.24.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290004/; classtype:trojan-activity;sid:81153104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.199.46.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290003/; classtype:trojan-activity;sid:81153103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290002/; classtype:trojan-activity;sid:81153102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.17.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290001/; classtype:trojan-activity;sid:81153101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cache/reporting/vworwiu/n-4545-12505-tg0k-jo5qwwjh/"; http_uri; depth:52; isdataat:!1,relative; content:"www.art-centar.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/290000/; classtype:trojan-activity;sid:81153100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oct/"; http_uri; depth:5; isdataat:!1,relative; content:"www.initsafe.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289999/; classtype:trojan-activity;sid:81153099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/ginwl/"; http_uri; depth:11; isdataat:!1,relative; content:"girlem.site"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289998/; classtype:trojan-activity;sid:81153098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/t_file_wp/s2lo6sk1sr5fnz/cgk4dh8pn/a-970948078-31708-1v4mn6oqf-8fld5mhli7/"; http_uri; depth:94; isdataat:!1,relative; content:"mycity.citywork.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289997/; classtype:trojan-activity;sid:81153097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/doc/68pi4-3067044-8229664-d0shtyk-5hva/"; http_uri; depth:46; isdataat:!1,relative; content:"vancouverlawoffice.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289996/; classtype:trojan-activity;sid:81153096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/balance/"; http_uri; depth:28; isdataat:!1,relative; content:"www.kev.si"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289995/; classtype:trojan-activity;sid:81153095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gny6p8-jbd-686/"; http_uri; depth:27; isdataat:!1,relative; content:"smg-column.esp.ne.jp"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289994/; classtype:trojan-activity;sid:81153094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/52lzrdnaf/paclm/"; http_uri; depth:17; isdataat:!1,relative; content:"host1669309.hostland.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289993/; classtype:trojan-activity;sid:81153093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/um3n1n/w6tkx-78533-367040-8id0cx-eowqpo2nhvts/"; http_uri; depth:62; isdataat:!1,relative; content:"stikeshangtuahsby-library.ac.id"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289992/; classtype:trojan-activity;sid:81153092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/swift/"; http_uri; depth:19; isdataat:!1,relative; content:"association.charityteq.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289991/; classtype:trojan-activity;sid:81153091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/attachments/ojed9zo/"; http_uri; depth:33; isdataat:!1,relative; content:"truckshops.ir"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289990/; classtype:trojan-activity;sid:81153090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jtwgaptrc/"; http_uri; depth:22; isdataat:!1,relative; content:"dev.prospekttraining.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289989/; classtype:trojan-activity;sid:81153089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/remittance_advice.jar"; http_uri; depth:22; isdataat:!1,relative; content:"www.hfpublisher.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289988/; classtype:trojan-activity;sid:81153088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/znq-40557-10-46jw2178y-heacf6qvf/"; http_uri; depth:48; isdataat:!1,relative; content:"saharrajabiyan.ir"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289987/; classtype:trojan-activity;sid:81153087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/reporting/3w70wjr33/lb-868-824677-9pzzuh5uj-jsl18/"; http_uri; depth:51; isdataat:!1,relative; content:"beta.pterosol.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289986/; classtype:trojan-activity;sid:81153086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/au-bf9m-756685/"; http_uri; depth:27; isdataat:!1,relative; content:"thuvu.vn"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289985/; classtype:trojan-activity;sid:81153085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/esp/oxqauqbh/"; http_uri; depth:23; isdataat:!1,relative; content:"starjobs.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289984/; classtype:trojan-activity;sid:81153084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fv55o1mi/mje/"; http_uri; depth:14; isdataat:!1,relative; content:"asbeautyclinic.com.ar"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289983/; classtype:trojan-activity;sid:81153083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"139.170.180.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289982/; classtype:trojan-activity;sid:81153082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289981/; classtype:trojan-activity;sid:81153081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.124.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289980/; classtype:trojan-activity;sid:81153080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289979/; classtype:trojan-activity;sid:81153079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.110.18.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289978/; classtype:trojan-activity;sid:81153078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.84.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289977/; classtype:trojan-activity;sid:81153077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289976/; classtype:trojan-activity;sid:81153076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.90.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289975/; classtype:trojan-activity;sid:81153075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.217.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289974/; classtype:trojan-activity;sid:81153074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.208.200.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289973/; classtype:trojan-activity;sid:81153073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.128.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289972/; classtype:trojan-activity;sid:81153072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.67.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289971/; classtype:trojan-activity;sid:81153071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.216.111.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289970/; classtype:trojan-activity;sid:81153070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289969/; classtype:trojan-activity;sid:81153069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.19.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289968/; classtype:trojan-activity;sid:81153068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.4.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289967/; classtype:trojan-activity;sid:81153067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/5jq6s9yhdvsz/"; http_uri; depth:33; isdataat:!1,relative; content:"www.vgxph.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289966/; classtype:trojan-activity;sid:81153066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/documentation/ffatpq/k1-6453991-031022817-mtca07-id9wzxp27l/"; http_uri; depth:68; isdataat:!1,relative; content:"www.0931tangfc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289965/; classtype:trojan-activity;sid:81153065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stage/w9w1og-x6w-884902/"; http_uri; depth:25; isdataat:!1,relative; content:"rainbowcakery.hk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289964/; classtype:trojan-activity;sid:81153064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/6cbdei/"; http_uri; depth:24; isdataat:!1,relative; content:"swanktech.my"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289963/; classtype:trojan-activity;sid:81153063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_notes/oct/l-72011-30922-ayp2r7z-pumil/"; http_uri; depth:40; isdataat:!1,relative; content:"www.ppta.ps"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289962/; classtype:trojan-activity;sid:81153062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/7f0c8-otp-629629/"; http_uri; depth:27; isdataat:!1,relative; content:"staging.masterauto.in"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289961/; classtype:trojan-activity;sid:81153061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/swift/"; http_uri; depth:15; isdataat:!1,relative; content:"www.michelpascal.tv"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289960/; classtype:trojan-activity;sid:81153060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/25824/"; http_uri; depth:16; isdataat:!1,relative; content:"www.shuoyuanjyjg.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289959/; classtype:trojan-activity;sid:81153059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/eeuvu/"; http_uri; depth:14; isdataat:!1,relative; content:"emartdigital.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289958/; classtype:trojan-activity;sid:81153058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/lo0z89uxdu/h-9609-753434-thcbm31q-gdk026lsfdn/"; http_uri; depth:65; isdataat:!1,relative; content:"www.sisenet.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289957/; classtype:trojan-activity;sid:81153057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/mj/"; http_uri; depth:16; isdataat:!1,relative; content:"purshakar.recordraisers.in"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289956/; classtype:trojan-activity;sid:81153056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/hrgb37u720/"; http_uri; depth:25; isdataat:!1,relative; content:"rabittips.web.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289955/; classtype:trojan-activity;sid:81153055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/p14.exe"; http_uri; depth:11; isdataat:!1,relative; content:"turnkeycre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289954/; classtype:trojan-activity;sid:81153054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/r51bbiim"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289953/; classtype:trojan-activity;sid:81153053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/paclm/"; http_uri; depth:10; isdataat:!1,relative; content:"www.propertyanywherenow.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289952/; classtype:trojan-activity;sid:81153052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/20.exe"; http_uri; depth:10; isdataat:!1,relative; content:"turnkeycre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289951/; classtype:trojan-activity;sid:81153051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/p15.exe"; http_uri; depth:11; isdataat:!1,relative; content:"turnkeycre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289950/; classtype:trojan-activity;sid:81153050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/fnf8/"; http_uri; depth:25; isdataat:!1,relative; content:"www.loyss.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289949/; classtype:trojan-activity;sid:81153049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/error/kx8/"; http_uri; depth:11; isdataat:!1,relative; content:"www.moestlstudios.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289948/; classtype:trojan-activity;sid:81153048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/21rqvsb/xlkptvt/"; http_uri; depth:17; isdataat:!1,relative; content:"ecrib.e-lyfe.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289947/; classtype:trojan-activity;sid:81153047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/vr1tm/"; http_uri; depth:15; isdataat:!1,relative; content:"blog.arquitetofabiopalheta.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289946/; classtype:trojan-activity;sid:81153046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web_map/ff/"; http_uri; depth:12; isdataat:!1,relative; content:"nfaagro.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289945/; classtype:trojan-activity;sid:81153045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rralfen/"; http_uri; depth:18; isdataat:!1,relative; content:"egfix4you.co.uk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289944/; classtype:trojan-activity;sid:81153044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/swift/"; http_uri; depth:19; isdataat:!1,relative; content:"m-g-l.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289943/; classtype:trojan-activity;sid:81153043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/installo/reporting/"; http_uri; depth:20; isdataat:!1,relative; content:"starboardhq.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289942/; classtype:trojan-activity;sid:81153042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/po.exe"; http_uri; depth:10; isdataat:!1,relative; content:"turnkeycre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289941/; classtype:trojan-activity;sid:81153041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bolld/fushow.exe"; http_uri; depth:17; isdataat:!1,relative; content:"masabikpanel.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289940/; classtype:trojan-activity;sid:81153040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/views/cxzpxoepjv4d0vv.exe"; http_uri; depth:44; isdataat:!1,relative; content:"robotrade.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289939/; classtype:trojan-activity;sid:81153039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/nano.exe"; http_uri; depth:12; isdataat:!1,relative; content:"turnkeycre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289938/; classtype:trojan-activity;sid:81153038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/vbc.exe"; http_uri; depth:15; isdataat:!1,relative; content:"nationafourlindustrialandgooglednsline.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289937/; classtype:trojan-activity;sid:81153037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/views/pq8djk9wogmut20.exe"; http_uri; depth:44; isdataat:!1,relative; content:"robotrade.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289936/; classtype:trojan-activity;sid:81153036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/b/dbt.exe"; http_uri; depth:21; isdataat:!1,relative; content:"lehraagrotech.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289935/; classtype:trojan-activity;sid:81153035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nqr/"; http_uri; depth:14; isdataat:!1,relative; content:"headwaterslimited.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289934/; classtype:trojan-activity;sid:81153034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.54.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289933/; classtype:trojan-activity;sid:81153033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289932/; classtype:trojan-activity;sid:81153032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.132.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289931/; classtype:trojan-activity;sid:81153031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.39.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289930/; classtype:trojan-activity;sid:81153030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289929/; classtype:trojan-activity;sid:81153029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.21.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289928/; classtype:trojan-activity;sid:81153028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.38.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289927/; classtype:trojan-activity;sid:81153027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289926/; classtype:trojan-activity;sid:81153026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.207.40.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289925/; classtype:trojan-activity;sid:81153025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.226.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289924/; classtype:trojan-activity;sid:81153024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.35.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289923/; classtype:trojan-activity;sid:81153023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289922/; classtype:trojan-activity;sid:81153022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/inc/x0h8w19jhd51/fsu-27236284-054758-5a6tgteo-lvhxqc9dd3v/"; http_uri; depth:83; isdataat:!1,relative; content:"upch.mx"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289921/; classtype:trojan-activity;sid:81153021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/kvpgzo-777-42731716-rhomvqf-231ngdzu/"; http_uri; depth:55; isdataat:!1,relative; content:"designcircuit.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289920/; classtype:trojan-activity;sid:81153020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/phhzvm/"; http_uri; depth:20; isdataat:!1,relative; content:"detkiland.com.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289919/; classtype:trojan-activity;sid:81153019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/6746405/"; http_uri; depth:21; isdataat:!1,relative; content:"myphamnhat.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289918/; classtype:trojan-activity;sid:81153018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/uk2k1dlfi1/"; http_uri; depth:32; isdataat:!1,relative; content:"pkp66.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289917/; classtype:trojan-activity;sid:81153017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dzpy3-19o-49933/"; http_uri; depth:26; isdataat:!1,relative; content:"davinci.adrodev.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289916/; classtype:trojan-activity;sid:81153016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/swift/rgcdv7wrg/"; http_uri; depth:28; isdataat:!1,relative; content:"iranamuzesh.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289915/; classtype:trojan-activity;sid:81153015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mpoaf10rgzgsqq5i-7ysa1ha1cdaqcde0fo_rbcl0cbh9i2nala12mkccxxscvu_enuh7njhnr1rojrg_ddfy7swcjn-9y_84dblhmdod-vvx5efl4wrqz4bzr1wlud5xf4ee9_arcwfbizd4mwtpydc_q4dqtwop8xis3vq-plyl1kxs3he9aa-_5eniw_d0aqy3zyxf6fahemgnmjp8qa/zanku%202_encrypted_4a2950.bindownload|7c|26|7c|psid=1"; http_uri; depth:273; isdataat:!1,relative; content:"im58hq.sn.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289914/; classtype:trojan-activity;sid:81153014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mtncn5ibbgp5unqspbfcon85mxi8_mvwbv83ssprcaeqi3ya7og8zvo12h51u1zgu7mldzrhdhox-upltlhumouqzn8vo_zqenydsinh2cinjrxequzgs2h5nnd8su47-7yoiyivlrfpyipv9b3avwc6wj43rxwzt3t6pcixwesbh5cawuizawbx0sw6iyszbyqnkm3taq2gf-k5fxgqlsa/vvd_encrypted_8d8538f.bindownload|7c|26|7c|psid=1"; http_uri; depth:268; isdataat:!1,relative; content:"im4xpg.sn.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289913/; classtype:trojan-activity;sid:81153013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bot/balance/"; http_uri; depth:13; isdataat:!1,relative; content:"bahamgap.ir"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289912/; classtype:trojan-activity;sid:81153012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/hk7th5ia9v1f4vl2q6q98qktih7ocot0/1579168800000/04116322961633601944/*/13uivggmryys0wvg-ad0b4bfgy42oh1sye=download"; http_uri; depth:161; isdataat:!1,relative; content:"doc-04-1g-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289911/; classtype:trojan-activity;sid:81153011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/dn/"; http_uri; depth:8; isdataat:!1,relative; content:"noellz.nnjastudio.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289910/; classtype:trojan-activity;sid:81153010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/pbg6e6rt43qpj13q3kr0aup1eldndqsv/1579168800000/10334134496650755259/*/1o95cinjsy-mar7euiox0l55147xnillqe=download"; http_uri; depth:161; isdataat:!1,relative; content:"doc-08-1g-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289909/; classtype:trojan-activity;sid:81153009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/statement/"; http_uri; depth:19; isdataat:!1,relative; content:"www.vpm-oilfield.ae"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289908/; classtype:trojan-activity;sid:81153008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/api/ffby/"; http_uri; depth:10; isdataat:!1,relative; content:"annhienco.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289907/; classtype:trojan-activity;sid:81153007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/rg09zz6267od/45osxp-4587750534-777549264-8uiy2n-unply/"; http_uri; depth:68; isdataat:!1,relative; content:"shadkhodro.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289906/; classtype:trojan-activity;sid:81153006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/balance/sgjwkxbps/8ey9p-5269083-51086021-xx675u5m-mvnqp10qan9/"; http_uri; depth:74; isdataat:!1,relative; content:"www.bhutanbestjourney.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289905/; classtype:trojan-activity;sid:81153005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/udenmo/"; http_uri; depth:19; isdataat:!1,relative; content:"krommaster.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289904/; classtype:trojan-activity;sid:81153004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/balance/nnzvnd83r/"; http_uri; depth:28; isdataat:!1,relative; content:"usedcoffeemachinesshop.co.uk"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289903/; classtype:trojan-activity;sid:81153003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/h0nx-719304-31116494-hbl36bqan-u6pzi/"; http_uri; depth:53; isdataat:!1,relative; content:"web.emsfabrik.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289902/; classtype:trojan-activity;sid:81153002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/znaegiglr/"; http_uri; depth:23; isdataat:!1,relative; content:"www.liberare.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289901/; classtype:trojan-activity;sid:81153001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/history/llc/1twbnaat/5gabwq8-32408397-233392761-5jw76vag74p-fies3m4in/"; http_uri; depth:71; isdataat:!1,relative; content:"everydayhistory.ph"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289900/; classtype:trojan-activity;sid:81153000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289899/; classtype:trojan-activity;sid:81152999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.135.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289898/; classtype:trojan-activity;sid:81152998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.177.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289897/; classtype:trojan-activity;sid:81152997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/report/"; http_uri; depth:20; isdataat:!1,relative; content:"mixtapebeatclub.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289896/; classtype:trojan-activity;sid:81152996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/mp/"; http_uri; depth:13; isdataat:!1,relative; content:"renovationatural.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289895/; classtype:trojan-activity;sid:81152995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/overview/09lx0eecua/"; http_uri; depth:25; isdataat:!1,relative; content:"reservas.teatro.ucr.ac.cr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289894/; classtype:trojan-activity;sid:81152994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/x268s68/6z-62699727-86383-9me7cw-5bujkcd/"; http_uri; depth:61; isdataat:!1,relative; content:"www.fshome.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289893/; classtype:trojan-activity;sid:81152993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cache/zngdezn/"; http_uri; depth:26; isdataat:!1,relative; content:"dvsystem.com.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289892/; classtype:trojan-activity;sid:81152992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/85-111-056038623-qhjmb-iizmynwg0n2s/"; http_uri; depth:58; isdataat:!1,relative; content:"masumalrefat.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289891/; classtype:trojan-activity;sid:81152991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/kuv6-3w6-059/"; http_uri; depth:25; isdataat:!1,relative; content:"spolashit.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289890/; classtype:trojan-activity;sid:81152990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/inc/"; http_uri; depth:13; isdataat:!1,relative; content:"mandlevhesteelfixers.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289889/; classtype:trojan-activity;sid:81152989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qddzmao/balance/vkprqj-9227499-974932-t886yz-wo4oh2u/"; http_uri; depth:54; isdataat:!1,relative; content:"inochi.bettercre.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289888/; classtype:trojan-activity;sid:81152988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ueditor/5fkvd8q-qrsc-2899/"; http_uri; depth:27; isdataat:!1,relative; content:"www.cclrbbt.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289887/; classtype:trojan-activity;sid:81152987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/browse/7xy0im8/"; http_uri; depth:29; isdataat:!1,relative; content:"builanhuong.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289886/; classtype:trojan-activity;sid:81152986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/prhsp/"; http_uri; depth:16; isdataat:!1,relative; content:"emto.eu"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289885/; classtype:trojan-activity;sid:81152985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/"; http_uri; depth:16; isdataat:!1,relative; content:"ststar.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289884/; classtype:trojan-activity;sid:81152984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/get/homec/ioclase.exe"; http_uri; depth:22; isdataat:!1,relative; content:"interpremier1998.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289883/; classtype:trojan-activity;sid:81152983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/file/"; http_uri; depth:25; isdataat:!1,relative; content:"digital-life.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289882/; classtype:trojan-activity;sid:81152982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rv-1mo-709/"; http_uri; depth:23; isdataat:!1,relative; content:"art-paprika.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289881/; classtype:trojan-activity;sid:81152981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/payment/4le-99688-480210-z2xn-9owp/"; http_uri; depth:40; isdataat:!1,relative; content:"cynotech.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289880/; classtype:trojan-activity;sid:81152980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/user_guide/public/wd-3384-769-bi0s-gtznz8/"; http_uri; depth:43; isdataat:!1,relative; content:"traffic.cynotech.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289879/; classtype:trojan-activity;sid:81152979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/public/vlkwky/"; http_uri; depth:15; isdataat:!1,relative; content:"cynoschool.cynotech.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289878/; classtype:trojan-activity;sid:81152978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/esp/a246xycfrplo/fka5zee-052490220-1102-6gvqfxmgaso-ajkx20q/"; http_uri; depth:61; isdataat:!1,relative; content:"dev.nextg.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289877/; classtype:trojan-activity;sid:81152977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/llc/mmtdg-989307-559-1bjpn5c1l0z-2u4ro/"; http_uri; depth:51; isdataat:!1,relative; content:"prestige.nextg.io"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289876/; classtype:trojan-activity;sid:81152976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/crm/japitp/"; http_uri; depth:12; isdataat:!1,relative; content:"gpscongolimited.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289875/; classtype:trojan-activity;sid:81152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shf.siamweb.co/1854153513/bmyp-95995198-96-vuxyblxxm9-mxhdu57bp/"; http_uri; depth:65; isdataat:!1,relative; content:"shf.siamweb.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289874/; classtype:trojan-activity;sid:81152974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.65.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289873/; classtype:trojan-activity;sid:81152973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289872/; classtype:trojan-activity;sid:81152972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.77.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289871/; classtype:trojan-activity;sid:81152971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.18.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289870/; classtype:trojan-activity;sid:81152970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.129.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289869/; classtype:trojan-activity;sid:81152969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.51.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289868/; classtype:trojan-activity;sid:81152968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289867/; classtype:trojan-activity;sid:81152967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289866/; classtype:trojan-activity;sid:81152966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289865/; classtype:trojan-activity;sid:81152965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.62.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289864/; classtype:trojan-activity;sid:81152964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.70.158.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289863/; classtype:trojan-activity;sid:81152963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/u8gf0ii-14216-012557634-fy0gd-4tvwpgqil/"; http_uri; depth:56; isdataat:!1,relative; content:"interlok.nextg.io"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289862/; classtype:trojan-activity;sid:81152962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ofs3-c8f-0631/"; http_uri; depth:27; isdataat:!1,relative; content:"print.arretsurimage.ma"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289861/; classtype:trojan-activity;sid:81152961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/8uy-81957-469-niay33-rh4uzmdgk1/"; http_uri; depth:46; isdataat:!1,relative; content:"stage.eurosound.edgeupstudio.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289860/; classtype:trojan-activity;sid:81152960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oct/711dcbtytgo/bczvo-602808903-079-fucus9xv-kmxz5da/"; http_uri; depth:63; isdataat:!1,relative; content:"stage.thecurtain.edgeupstudio.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289859/; classtype:trojan-activity;sid:81152959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/mesifx/"; http_uri; depth:27; isdataat:!1,relative; content:"nextg.io"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289858/; classtype:trojan-activity;sid:81152958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/34dqfk/"; http_uri; depth:25; isdataat:!1,relative; content:"stage.ephah.edgeupstudio.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289857/; classtype:trojan-activity;sid:81152957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test777/3604063935002/otxx63w67so/fc1i7-940494-00003-s4bgi-y4h5wm/"; http_uri; depth:67; isdataat:!1,relative; content:"www.3agirl.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289856/; classtype:trojan-activity;sid:81152956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/3td2r-m76e6-7978/"; http_uri; depth:27; isdataat:!1,relative; content:"stage.beche.edgeupstudio.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289855/; classtype:trojan-activity;sid:81152955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inc/qnv1imqbloq/j2b-273900979-484553161-it1sck-by0r5z8kfaa2/"; http_uri; depth:73; isdataat:!1,relative; content:"coldstorm.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289854/; classtype:trojan-activity;sid:81152954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content2/doc/e-3068321-32534418-gzr3ft436-mhxnm/"; http_uri; depth:52; isdataat:!1,relative; content:"baakcafe.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289853/; classtype:trojan-activity;sid:81152953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/w72mlh53"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289852/; classtype:trojan-activity;sid:81152952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/views/ekob7haexxl29co.exee"; http_uri; depth:45; isdataat:!1,relative; content:"robotrade.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289851/; classtype:trojan-activity;sid:81152951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmsapi.udom.ac.tz/cpmqb/axmz-t6ve-21/"; http_uri; depth:38; isdataat:!1,relative; content:"portal.udom.ac.tz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289850/; classtype:trojan-activity;sid:81152950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/g0yuekp6i/od-191686700-370051-fnfx0d-ev9z2d9ap/"; http_uri; depth:69; isdataat:!1,relative; content:"woofilter.gsamdani.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289849/; classtype:trojan-activity;sid:81152949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/parts_service/19x49adi6dy/au6-832-122-w4u80a-ivqeg4lj/"; http_uri; depth:62; isdataat:!1,relative; content:"msklk.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289848/; classtype:trojan-activity;sid:81152948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmsapi.udom.ac.tz/k6kot-hm5a-435/"; http_uri; depth:34; isdataat:!1,relative; content:"portal.udom.ac.tz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289847/; classtype:trojan-activity;sid:81152947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmsapi.udom.ac.tz/balance/ns53b0rf/"; http_uri; depth:36; isdataat:!1,relative; content:"coed.udom.ac.tz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289846/; classtype:trojan-activity;sid:81152946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.104.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289845/; classtype:trojan-activity;sid:81152945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289844/; classtype:trojan-activity;sid:81152944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.27.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289843/; classtype:trojan-activity;sid:81152943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.50.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289842/; classtype:trojan-activity;sid:81152942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289841/; classtype:trojan-activity;sid:81152941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.160.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289840/; classtype:trojan-activity;sid:81152940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289839/; classtype:trojan-activity;sid:81152939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ipr/"; http_uri; depth:16; isdataat:!1,relative; content:"library.udom.ac.tz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289838/; classtype:trojan-activity;sid:81152938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmsapi.udom.ac.tz/payment/"; http_uri; depth:27; isdataat:!1,relative; content:"test.udom.ac.tz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289837/; classtype:trojan-activity;sid:81152937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ddsn-dv7-475/"; http_uri; depth:23; isdataat:!1,relative; content:"manweilongchu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289836/; classtype:trojan-activity;sid:81152936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmsapi.udom.ac.tz/browse/"; http_uri; depth:26; isdataat:!1,relative; content:"cbsl.udom.ac.tz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289835/; classtype:trojan-activity;sid:81152935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zjc1odnhodvmmmvlmtrmmtk5ymrjztgyyjg1zjmwmzaymwzizmm0otoxatjtske6v1jynwlymmziszfxudf5snpiajfnem5qoupz/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s02.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289834/; classtype:trojan-activity;sid:81152934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjqxndblmdjhnwfjnzbiyjq2nmezzde3odeyzguxmje4njc2nmy0mzoxatrys206z2fkoevxy01kr1fzq1g2vnzidvzqbmdyowhf/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s02.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289833/; classtype:trojan-activity;sid:81152933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/x79718/f-39317763-06331-7rts8f-wly34hfl7q1q/"; http_uri; depth:66; isdataat:!1,relative; content:"5ssolutions.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289832/; classtype:trojan-activity;sid:81152932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ogvkyza4zgqwnji3otu3mte4mteym2y2zdfjmwmzntnhyjzjymfhzdoxatzknve6sjnfvvk1sllvm1rhnklubdh4lwnqawprn3zn/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s01.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289831/; classtype:trojan-activity;sid:81152931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zdyyntlhmdy1ytm2njhjywq3nwqymwmwymflmde5mzi3ymzkzgi1mjoxzlloadi6qvzyzxrkvfdues1oskriskk4whnknjc4zdbv/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s02.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289830/; classtype:trojan-activity;sid:81152930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qza/personal-ylb7pdf-rdxng6iwpbhbn/interior-xx4ya-7aztt3elxc6by2/ztx7kekk-wig2nizn6gkt/"; http_uri; depth:88; isdataat:!1,relative; content:"52osta.cn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289829/; classtype:trojan-activity;sid:81152929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mtywztlhm2u5othkyzdjzdrmmtyxmzq1ogewzji3otfmmtu3ndjjodoxaxjzdge6dkdwuvbhudzhnmhvyurqaenfbfo0ahrwtjew/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s01.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289828/; classtype:trojan-activity;sid:81152928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/file/h-585-50-xjfl8wz-oariqb/"; http_uri; depth:37; isdataat:!1,relative; content:"demo.kechuahangdidong.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289827/; classtype:trojan-activity;sid:81152927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/image/90e92k-xbi-15/"; http_uri; depth:21; isdataat:!1,relative; content:"lavenirkids.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289826/; classtype:trojan-activity;sid:81152926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/4fe-046259-76-ecxzle-khme9x3/"; http_uri; depth:47; isdataat:!1,relative; content:"kromlogistic.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289825/; classtype:trojan-activity;sid:81152925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zthjngm4ngmwmde3yzk5zmmyyzzhowzjntq3zmnjnmjjnwy5mta1yzoxatvkrtk6u19itdlqthbunko4etlvy0duumntytjoetdb/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s01.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289824/; classtype:trojan-activity;sid:81152924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ogeyndy1mjlizdg0ztdhogizowiynwmwzda5nwu3ntvkyzlmzde4odoxaw80cuw6y1v5ywpid2p4nhmtx0ltngzbtjrqoxn4qmlb/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s01.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289823/; classtype:trojan-activity;sid:81152923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n2rmngrlzdewndllotq5n2u2zge0mzljyjq2mwriowqxntqyzgzjodoxafnyaku6v1zddmjkrnrft0kwmednamstwmlqzfrhugrn/gwvplg4drpqgb/263.exe"; http_uri; depth:123; isdataat:!1,relative; content:"s02.solidfilesusercontent.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289822/; classtype:trojan-activity;sid:81152922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/v2c7508/"; http_uri; depth:25; isdataat:!1,relative; content:"ebrightskinnganjuk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289821/; classtype:trojan-activity;sid:81152921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/9/"; http_uri; depth:12; isdataat:!1,relative; content:"grayandwhite.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289820/; classtype:trojan-activity;sid:81152920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jz5p/"; http_uri; depth:17; isdataat:!1,relative; content:"wotan.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289819/; classtype:trojan-activity;sid:81152919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/joabbf/"; http_uri; depth:17; isdataat:!1,relative; content:"iiatlanta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289818/; classtype:trojan-activity;sid:81152918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vq7/"; http_uri; depth:17; isdataat:!1,relative; content:"ektisadona.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289817/; classtype:trojan-activity;sid:81152917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zlnl4e/bygv89z/"; http_uri; depth:16; isdataat:!1,relative; content:"media.najaminstitute.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289816/; classtype:trojan-activity;sid:81152916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hjntocovw/"; http_uri; depth:22; isdataat:!1,relative; content:"www.hondajazzclubindonesia.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289815/; classtype:trojan-activity;sid:81152915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jrerty/"; http_uri; depth:19; isdataat:!1,relative; content:"zhangyiyi.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289814/; classtype:trojan-activity;sid:81152914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0589072/imakkrcbl/"; http_uri; depth:19; isdataat:!1,relative; content:"chasem2020.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289813/; classtype:trojan-activity;sid:81152913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/799612/iiadxvvb/"; http_uri; depth:17; isdataat:!1,relative; content:"bassman1980-001-site5.gtempurl.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289812/; classtype:trojan-activity;sid:81152912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/260shby-cdsu5t59-05/"; http_uri; depth:32; isdataat:!1,relative; content:"blulinknetwork.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289811/; classtype:trojan-activity;sid:81152911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/"; http_uri; depth:20; isdataat:!1,relative; content:"after-party.000webhostapp.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289810/; classtype:trojan-activity;sid:81152910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/home/okt/"; http_uri; depth:10; isdataat:!1,relative; content:"www.clinicacrecer.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289809/; classtype:trojan-activity;sid:81152909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lu12/"; http_uri; depth:14; isdataat:!1,relative; content:"compta.referansy.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289808/; classtype:trojan-activity;sid:81152908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gstore/t5zc3111/"; http_uri; depth:17; isdataat:!1,relative; content:"holodrs.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289807/; classtype:trojan-activity;sid:81152907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cxqsk70/"; http_uri; depth:20; isdataat:!1,relative; content:"nguyenminhthong.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289806/; classtype:trojan-activity;sid:81152906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/mmgngia/"; http_uri; depth:20; isdataat:!1,relative; content:"taobaoraku.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289805/; classtype:trojan-activity;sid:81152905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/report/sz-957-408-rkdhx55-zxfi/"; http_uri; depth:43; isdataat:!1,relative; content:"pavlin-tex.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289804/; classtype:trojan-activity;sid:81152904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289803/; classtype:trojan-activity;sid:81152903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.195.59.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289802/; classtype:trojan-activity;sid:81152902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.7.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289801/; classtype:trojan-activity;sid:81152901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289800/; classtype:trojan-activity;sid:81152900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.173.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289799/; classtype:trojan-activity;sid:81152899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.43.168.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289798/; classtype:trojan-activity;sid:81152898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.3.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289797/; classtype:trojan-activity;sid:81152897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.92.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289796/; classtype:trojan-activity;sid:81152896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289795/; classtype:trojan-activity;sid:81152895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289794/; classtype:trojan-activity;sid:81152894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289793/; classtype:trojan-activity;sid:81152893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/docs/455xuit/"; http_uri; depth:23; isdataat:!1,relative; content:"infra93.co.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289792/; classtype:trojan-activity;sid:81152892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/report/f7hf34m6b5d/iw-834-62-c5m1w-0ai2oa/"; http_uri; depth:51; isdataat:!1,relative; content:"digitaltimbangan.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289791/; classtype:trojan-activity;sid:81152891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp2/payment/adr-792939312-273407-rzzglvg80-tv9i5/"; http_uri; depth:50; isdataat:!1,relative; content:"iloveto.dance"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289790/; classtype:trojan-activity;sid:81152890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/available-section/46514007-rjysaasqmgmf-rpjijzgmz0hj7xk-giy4d/ulz3aumqmohy-mf5jvoikmx/"; http_uri; depth:96; isdataat:!1,relative; content:"papaya.ne.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289789/; classtype:trojan-activity;sid:81152889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/personal_zone/guarded_920790106322_ah7y625d/mn5_x938v3suy/"; http_uri; depth:63; isdataat:!1,relative; content:"sncshyamavan.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289788/; classtype:trojan-activity;sid:81152888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ashrae/personal_array/close_profile/ou3p4qlq88_7a14mgjgjukp/"; http_uri; depth:61; isdataat:!1,relative; content:"202.88.239.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289787/; classtype:trojan-activity;sid:81152887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cryptominerbros/wordpress/wp-content/personal-resource/open-area/taebvjv5p25-kqics3u9mv/"; http_uri; depth:89; isdataat:!1,relative; content:"14.141.175.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289786/; classtype:trojan-activity;sid:81152886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/faliqx/available_sector/verifiable_space/bcg9v3vh_xinrckl2q/"; http_uri; depth:61; isdataat:!1,relative; content:"www.iamselorm.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289785/; classtype:trojan-activity;sid:81152885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/activate/common-os8lodd5ol-pdb3tgyws5/guarded-profile/40215237567-cijtwgvy4xc1l/"; http_uri; depth:81; isdataat:!1,relative; content:"justinscolary.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289784/; classtype:trojan-activity;sid:81152884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4337/protected_disk/open_444909919_8zu6moe/2471995119771_hiftfjj/"; http_uri; depth:66; isdataat:!1,relative; content:"mif.zu.edu.jo"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289783/; classtype:trojan-activity;sid:81152883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7f704f63fc2e9eaf8cfc8583aad85562/33214618-qfyy75uopbko-array/8011698-7ypq9kxlwi-space/e6b29ut0svj046u-"; http_uri; depth:103; isdataat:!1,relative; content:"nguyenthanhdat.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289782/; classtype:trojan-activity;sid:81152882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/"; http_uri; depth:14; isdataat:!1,relative; content:"madania.ca"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289781/; classtype:trojan-activity;sid:81152881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/kfiliio7i-vctdvfn86l9km-disk/corporate-forum/6r6na4qvgs6hh4-5s63v/"; http_uri; depth:74; isdataat:!1,relative; content:"grupoaldan.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289780/; classtype:trojan-activity;sid:81152880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/personal_module/external_cloud/198014714_rjit9/"; http_uri; depth:59; isdataat:!1,relative; content:"bkj2002.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289779/; classtype:trojan-activity;sid:81152879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eyv9212l/personal_18121718550_mxqllj2wgm/4351364_piawuwh_67172046864_soin4lk/p444a2bju7thg_29u44u"; http_uri; depth:98; isdataat:!1,relative; content:"dustn2378.dothome.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289778/; classtype:trojan-activity;sid:81152878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fve4sq/cred.dll"; http_uri; depth:16; isdataat:!1,relative; content:"217.8.117.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289777/; classtype:trojan-activity;sid:81152877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ahs/private_ly8nlfymus7_cz2z0tbj9/additional_xkqzdpa7x_3nqqz9gb/oyxz_yt25z/"; http_uri; depth:76; isdataat:!1,relative; content:"wtc-chandigarh.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289776/; classtype:trojan-activity;sid:81152876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/317754883815-3ynln41b6jksono-hn4wiznnb-uuvhwsxdv/697040004-souj4ywgysy-profile/iczy06xq02vff7g-"; http_uri; depth:105; isdataat:!1,relative; content:"menarabinjai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289775/; classtype:trojan-activity;sid:81152875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/multifunctional-sector/gwk86s21mhrxk8d-56al4a0vso-09669768925-qxivzmsec4ctfqu/jsvt6-yjkj27r3"; http_uri; depth:102; isdataat:!1,relative; content:"babyskinclinic.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289774/; classtype:trojan-activity;sid:81152874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/vbjyiit10_rbjjmhhirf_zone/external_cloud/etvdpjqstcg02z1v_11tx1tz0w519s/"; http_uri; depth:82; isdataat:!1,relative; content:"www.norcalit.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289773/; classtype:trojan-activity;sid:81152873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/open_module/9l7p3_2nlxmc_portal/viwht_ztjhf2oom/"; http_uri; depth:59; isdataat:!1,relative; content:"www.aucloud.club"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289772/; classtype:trojan-activity;sid:81152872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal-tg5bux-jpmusap/open-8675427646-vuu1qahkl1y/4dvr1fm9jy-2t8870z/"; http_uri; depth:81; isdataat:!1,relative; content:"www.uumove.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289771/; classtype:trojan-activity;sid:81152871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/lbhuekb75/16p-447647098-44-hl7rr8pll-ihpxtagfc0/"; http_uri; depth:69; isdataat:!1,relative; content:"opinioninformacion.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289770/; classtype:trojan-activity;sid:81152870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/public/8x07pv4i418/i7-3935551-07326-sezhf2o-nk5ylv/"; http_uri; depth:61; isdataat:!1,relative; content:"sanjoseperico.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289769/; classtype:trojan-activity;sid:81152869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ndfghjkxcvcvbn.exe"; http_uri; depth:19; isdataat:!1,relative; content:"dgfjdxcfgvbxc.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289768/; classtype:trojan-activity;sid:81152868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbchxvjk.exe"; http_uri; depth:13; isdataat:!1,relative; content:"dgfjdxcfgvbxc.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289767/; classtype:trojan-activity;sid:81152867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dcvhgfrt.exe"; http_uri; depth:13; isdataat:!1,relative; content:"dgfjdxcfgvbxc.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289766/; classtype:trojan-activity;sid:81152866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p_14754cwzr1.jpg"; http_uri; depth:17; isdataat:!1,relative; content:"h.top4top.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289765/; classtype:trojan-activity;sid:81152865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vt9lnkoq/6805072101641/6805072101641/"; http_uri; depth:38; isdataat:!1,relative; content:"www.angiathinh.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289764/; classtype:trojan-activity;sid:81152864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.71.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289763/; classtype:trojan-activity;sid:81152863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/60a5c6551ad6d6334380465489e9d112/paclm/xz0jmy7b/"; http_uri; depth:49; isdataat:!1,relative; content:"exemonk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289762/; classtype:trojan-activity;sid:81152862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/"; http_uri; depth:17; isdataat:!1,relative; content:"www.thebendereyecare.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289761/; classtype:trojan-activity;sid:81152861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r/wx61m"; http_uri; depth:8; isdataat:!1,relative; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289760/; classtype:trojan-activity;sid:81152860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/"; http_uri; depth:16; isdataat:!1,relative; content:"www.onwardworldwide.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289759/; classtype:trojan-activity;sid:81152859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/report/yqbdcx7/eyr0ebm-634-7860579-wd4slh-kpe67qrsj8/"; http_uri; depth:66; isdataat:!1,relative; content:"www.mbytj.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289758/; classtype:trojan-activity;sid:81152858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/closed-olutbxzu-0yvnfzby2x/42510832-wqlri8zqhhs-forum/rds7w69n8oab-ldxpvluz2z/"; http_uri; depth:90; isdataat:!1,relative; content:"memenyc.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289757/; classtype:trojan-activity;sid:81152857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ema/docs/"; http_uri; depth:10; isdataat:!1,relative; content:"infinitedivineministry.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289756/; classtype:trojan-activity;sid:81152856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.69.56.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289755/; classtype:trojan-activity;sid:81152855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289754/; classtype:trojan-activity;sid:81152854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289753/; classtype:trojan-activity;sid:81152853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289752/; classtype:trojan-activity;sid:81152852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289751/; classtype:trojan-activity;sid:81152851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289750/; classtype:trojan-activity;sid:81152850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.25.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289749/; classtype:trojan-activity;sid:81152849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289748/; classtype:trojan-activity;sid:81152848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289747/; classtype:trojan-activity;sid:81152847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.97.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289746/; classtype:trojan-activity;sid:81152846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.2.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289745/; classtype:trojan-activity;sid:81152845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.bin"; http_uri; depth:10; isdataat:!1,relative; content:"youaernedit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289744/; classtype:trojan-activity;sid:81152844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/rns-7431-24-96b6u-k3o9l2iz9/"; http_uri; depth:41; isdataat:!1,relative; content:"raipic.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289743/; classtype:trojan-activity;sid:81152843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bestcarsyear/browse/wh17zoqqpar/"; http_uri; depth:33; isdataat:!1,relative; content:"blogrb.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289742/; classtype:trojan-activity;sid:81152842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/"; http_uri; depth:21; isdataat:!1,relative; content:"scorpiosys.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289741/; classtype:trojan-activity;sid:81152841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e-commerce/q6ijulm6p_0s1don8nipzg0_a5i5pm5sv4zys_a7hauacnz/verifiable_41700018161_ibnk5ivkmni/uodnq_xuyyyt9/"; http_uri; depth:109; isdataat:!1,relative; content:"ebs1952.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289740/; classtype:trojan-activity;sid:81152840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/egr/sa7pf/7x01ye1-733693-6679-rktqok-axf3ogiiee/"; http_uri; depth:49; isdataat:!1,relative; content:"ative.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289739/; classtype:trojan-activity;sid:81152839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/open-resource/close-space/ad9cb-ilvhqeh9i/"; http_uri; depth:55; isdataat:!1,relative; content:"living.portasol.cr"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289738/; classtype:trojan-activity;sid:81152838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hetv/documentation/5e8tood1t7/"; http_uri; depth:31; isdataat:!1,relative; content:"wujianji.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289737/; classtype:trojan-activity;sid:81152837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/multifunctional-job1mkkatv-pcbojlmwhfl/personal-resource/corporate-cloud/q9id1-yw1w/"; http_uri; depth:85; isdataat:!1,relative; content:"k.5qa.so"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289736/; classtype:trojan-activity;sid:81152836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/adventure/documentation/f2yvty5/bjq9xt-08895462-571308-r8hachxpcb-8w0p2htnrtia/"; http_uri; depth:80; isdataat:!1,relative; content:"darkplains.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289735/; classtype:trojan-activity;sid:81152835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.73.46.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289733/; classtype:trojan-activity;sid:81152833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.223.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289732/; classtype:trojan-activity;sid:81152832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289731/; classtype:trojan-activity;sid:81152831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289730/; classtype:trojan-activity;sid:81152830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289729/; classtype:trojan-activity;sid:81152829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.238.179.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289728/; classtype:trojan-activity;sid:81152828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289727/; classtype:trojan-activity;sid:81152827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289726/; classtype:trojan-activity;sid:81152826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.232.61.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289725/; classtype:trojan-activity;sid:81152825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.248.104.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289724/; classtype:trojan-activity;sid:81152824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.101.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289723/; classtype:trojan-activity;sid:81152823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.154.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289722/; classtype:trojan-activity;sid:81152822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/protected_disk/security_cloud/7331756062_jccppkytitusak/"; http_uri; depth:76; isdataat:!1,relative; content:"moodig.se"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289721/; classtype:trojan-activity;sid:81152821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/6257541/jy1yskpeeqi/tsmtg1d-3317-082-oixpyooykyu-1jgdl3a7j/"; http_uri; depth:68; isdataat:!1,relative; content:"henkphilipsen.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289720/; classtype:trojan-activity;sid:81152820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/logo/arm.jpg"; http_uri; depth:21; isdataat:!1,relative; content:"asiains.com.ph"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289719/; classtype:trojan-activity;sid:81152819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/multifunctional-box/open-area/92649366755444-v9uak3uv/"; http_uri; depth:64; isdataat:!1,relative; content:"cars.grayandwhite.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289718/; classtype:trojan-activity;sid:81152818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snippet/scan/8p2b732afreu/"; http_uri; depth:27; isdataat:!1,relative; content:"clicksbyayush.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289717/; classtype:trojan-activity;sid:81152817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/books/report/n01-4873093410-39-h5nm0-i8kn6hc/"; http_uri; depth:46; isdataat:!1,relative; content:"54.149.77.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289716/; classtype:trojan-activity;sid:81152816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/"; http_uri; depth:13; isdataat:!1,relative; content:"buildingappspro.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289715/; classtype:trojan-activity;sid:81152815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stats/swift/"; http_uri; depth:13; isdataat:!1,relative; content:"globalcreditpartners.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289714/; classtype:trojan-activity;sid:81152814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alloldfiles.zip/closed-sncsv-k3modttvw3r/verified-portal/358409-o4ltwmvhegl7v0m/"; http_uri; depth:81; isdataat:!1,relative; content:"navinfamilywines.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289713/; classtype:trojan-activity;sid:81152813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/docs/jgndp-045-73-085s-5lbo1w85dw/"; http_uri; depth:44; isdataat:!1,relative; content:"www.yzmwh.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289712/; classtype:trojan-activity;sid:81152812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qza/swift/l-778-550900116-4n6y1ii-0lsjz/"; http_uri; depth:41; isdataat:!1,relative; content:"www.52osta.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289711/; classtype:trojan-activity;sid:81152811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/protected_module/xe4g5h_is4vx9sce0p87va_cloud/n8vfgvt_pbiy48hur0/"; http_uri; depth:75; isdataat:!1,relative; content:"southlanddevelopers.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289710/; classtype:trojan-activity;sid:81152810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/adm/private-box/interior-7981676088-8wl7vtu/36133092-400t2sf/"; http_uri; depth:62; isdataat:!1,relative; content:"103.30.183.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289709/; classtype:trojan-activity;sid:81152809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y36jk/docs/jzf5s5q-43793962-13786323-5cwdgys8-9vot8kek1mq/"; http_uri; depth:59; isdataat:!1,relative; content:"142.93.101.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289708/; classtype:trojan-activity;sid:81152808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/images_upload/multifunctional-xpusvx-j7e0e040n/individual-profile/5xb1bt-s6xt5/"; http_uri; depth:87; isdataat:!1,relative; content:"pixelrock.com.au"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289707/; classtype:trojan-activity;sid:81152807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blockchainqa/balance/"; http_uri; depth:22; isdataat:!1,relative; content:"34.239.95.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289706/; classtype:trojan-activity;sid:81152806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/webmail/closed_f0vovm03q9j33wiq_coc0sua8sypiaw6s/interior_2ccqdq7ym_hcbpl8uhp7/623746503_9wftok2/"; http_uri; depth:98; isdataat:!1,relative; content:"202.29.22.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289705/; classtype:trojan-activity;sid:81152805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ghidinitarcisioabelio/personal-disk/additional-portal/nkahq15-j5vjtllwty/"; http_uri; depth:74; isdataat:!1,relative; content:"188.164.131.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289704/; classtype:trojan-activity;sid:81152804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/"; http_uri; depth:14; isdataat:!1,relative; content:"social.scottsimard.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289703/; classtype:trojan-activity;sid:81152803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/phrases/o8es_3cdkzbi_array/additional_92401124_czwahcjdd/lpnjqqy5blr_rfic7ggt/"; http_uri; depth:79; isdataat:!1,relative; content:"pminfocom.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289702/; classtype:trojan-activity;sid:81152802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/roawk/esp/zpqzevykwq7z/"; http_uri; depth:24; isdataat:!1,relative; content:"yourways.se"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289701/; classtype:trojan-activity;sid:81152801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sendincsecure/parts_service/"; http_uri; depth:29; isdataat:!1,relative; content:"abaoxianshu.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289700/; classtype:trojan-activity;sid:81152800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.48.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289699/; classtype:trojan-activity;sid:81152799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289698/; classtype:trojan-activity;sid:81152798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289697/; classtype:trojan-activity;sid:81152797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.150.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289696/; classtype:trojan-activity;sid:81152796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.184.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289695/; classtype:trojan-activity;sid:81152795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.250.42.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289694/; classtype:trojan-activity;sid:81152794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.37.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289693/; classtype:trojan-activity;sid:81152793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.163.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289692/; classtype:trojan-activity;sid:81152792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289691/; classtype:trojan-activity;sid:81152791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.86.235.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289690/; classtype:trojan-activity;sid:81152790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.33.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289689/; classtype:trojan-activity;sid:81152789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.150.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289688/; classtype:trojan-activity;sid:81152788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.4.30.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289687/; classtype:trojan-activity;sid:81152787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289686/; classtype:trojan-activity;sid:81152786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.248.97.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289685/; classtype:trojan-activity;sid:81152785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.149.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289684/; classtype:trojan-activity;sid:81152784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289683/; classtype:trojan-activity;sid:81152783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289682/; classtype:trojan-activity;sid:81152782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.89.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289681/; classtype:trojan-activity;sid:81152781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/split/closed_array/verified_968984_phv1m2lyxap1/fo85mmw_alr3n0yz/"; http_uri; depth:66; isdataat:!1,relative; content:"split.offbeat.guide"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289680/; classtype:trojan-activity;sid:81152780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/b0f45aec027284c2ee5cd3940b040b12/balance/j6btz9xm3/rrs-73960-64903-krrw2i-udum26m67/"; http_uri; depth:85; isdataat:!1,relative; content:"www.progymrd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289679/; classtype:trojan-activity;sid:81152779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/"; http_uri; depth:16; isdataat:!1,relative; content:"lotion5592.000webhostapp.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289678/; classtype:trojan-activity;sid:81152778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/common/file/"; http_uri; depth:13; isdataat:!1,relative; content:"community.neomeric.us"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289677/; classtype:trojan-activity;sid:81152777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/multifunctional_03754122544_fib8xxzef7jsq/627857_niyhsugerljsnnq_space/sagm76ey_iagn1xur42hyf/"; http_uri; depth:104; isdataat:!1,relative; content:"inmemcards.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289676/; classtype:trojan-activity;sid:81152776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/customfield/documentation/"; http_uri; depth:27; isdataat:!1,relative; content:"mout.applay.club"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289675/; classtype:trojan-activity;sid:81152775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/open_module/close_20681281_tjflhpayij/fv721_uw4w7/"; http_uri; depth:63; isdataat:!1,relative; content:"artified.co"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289674/; classtype:trojan-activity;sid:81152774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/g/etrac/"; http_uri; depth:9; isdataat:!1,relative; content:"nhanmien.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289673/; classtype:trojan-activity;sid:81152773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/open_box/security_cloud/x9jpuh56nlny_0w2y3/"; http_uri; depth:50; isdataat:!1,relative; content:"www.germistonmiraclecentre.co.za"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289672/; classtype:trojan-activity;sid:81152772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/etrac/zjm-74538562-163914150-uczid-e123j5a00sh/"; http_uri; depth:59; isdataat:!1,relative; content:"lotussales.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289671/; classtype:trojan-activity;sid:81152771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/27384913211144409/docs/l6rr-4756873-174837465-hlcqphum08v-2pi76cjuj/"; http_uri; depth:69; isdataat:!1,relative; content:"forscene.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289670/; classtype:trojan-activity;sid:81152770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/worthog/statement/1nv9oa/"; http_uri; depth:26; isdataat:!1,relative; content:"azeevatech.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289669/; classtype:trojan-activity;sid:81152769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hindi/invoice/il-3373-6640-zvnnx0uaj-ltd7/"; http_uri; depth:43; isdataat:!1,relative; content:"myenglishisgood.net.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289668/; classtype:trojan-activity;sid:81152768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/report/"; http_uri; depth:19; isdataat:!1,relative; content:"sidralmalaki.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289667/; classtype:trojan-activity;sid:81152767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"31.168.254.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289666/; classtype:trojan-activity;sid:81152766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"94.202.61.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289665/; classtype:trojan-activity;sid:81152765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/awstatsicons/documentation/l-3521142-40999019-s6hw6-hu56/"; http_uri; depth:58; isdataat:!1,relative; content:"acteon.com.ar"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289664/; classtype:trojan-activity;sid:81152764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/site_espanol/protected-array/31194617699-siwqqdeytfoxp-warehouse/o4q62e5znd-6wu16/"; http_uri; depth:83; isdataat:!1,relative; content:"sampling-group.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289663/; classtype:trojan-activity;sid:81152763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/slider_photos/inc/gpv4zcz/i2-75696119-039920-84mxt9b4o7-n4nrp/"; http_uri; depth:63; isdataat:!1,relative; content:"partyflix.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289662/; classtype:trojan-activity;sid:81152762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paladin/protected_module/test_cloud/h0a0ejygr_zm4mhg0v/"; http_uri; depth:56; isdataat:!1,relative; content:"specialtactics.sk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289661/; classtype:trojan-activity;sid:81152761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1kfhr7/916078464/ub0-3628-1235-fi0f4lbdpoe-ld62/"; http_uri; depth:49; isdataat:!1,relative; content:"104.131.148.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289660/; classtype:trojan-activity;sid:81152760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/56911099_2ugozk1ssjgymc8_disk/close_forum/35t0wzlpe_4l94c5ck/"; http_uri; depth:74; isdataat:!1,relative; content:"139.59.33.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289659/; classtype:trojan-activity;sid:81152759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qbshelpdesk/esp/3d-170555-37-hxlm2e0e-pc3k6ox9/"; http_uri; depth:48; isdataat:!1,relative; content:"108.171.179.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289658/; classtype:trojan-activity;sid:81152758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bzsffzmd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289657/; classtype:trojan-activity;sid:81152757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/server5/fitness/4291995372015_yc1ukgo0yy_fj0idqp_8mvlj149/additional_area/4m9vyceg_ci48nd4h/"; http_uri; depth:93; isdataat:!1,relative; content:"122.180.254.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289656/; classtype:trojan-activity;sid:81152756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.18.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289655/; classtype:trojan-activity;sid:81152755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289654/; classtype:trojan-activity;sid:81152754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289653/; classtype:trojan-activity;sid:81152753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.39.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289652/; classtype:trojan-activity;sid:81152752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.182.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289651/; classtype:trojan-activity;sid:81152751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.179.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289650/; classtype:trojan-activity;sid:81152750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289649/; classtype:trojan-activity;sid:81152749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.171.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289648/; classtype:trojan-activity;sid:81152748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.219.135.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289647/; classtype:trojan-activity;sid:81152747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289646/; classtype:trojan-activity;sid:81152746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.187.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289645/; classtype:trojan-activity;sid:81152745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289644/; classtype:trojan-activity;sid:81152744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289643/; classtype:trojan-activity;sid:81152743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.8.195.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289642/; classtype:trojan-activity;sid:81152742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.248.105.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289641/; classtype:trojan-activity;sid:81152741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lavylow/reporting/2z8dhvrhq4/"; http_uri; depth:30; isdataat:!1,relative; content:"157.230.120.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289640/; classtype:trojan-activity;sid:81152740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/teamb-forum/overview/"; http_uri; depth:22; isdataat:!1,relative; content:"111.93.169.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289639/; classtype:trojan-activity;sid:81152739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cssi_api/oct/dkb1y3znq/"; http_uri; depth:24; isdataat:!1,relative; content:"125.99.60.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289638/; classtype:trojan-activity;sid:81152738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yl5cdx5p"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289637/; classtype:trojan-activity;sid:81152737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dp_world_staging/uploads/bv2fc54uawv/"; http_uri; depth:38; isdataat:!1,relative; content:"51.15.206.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289636/; classtype:trojan-activity;sid:81152736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/esp/ec45v9/"; http_uri; depth:21; isdataat:!1,relative; content:"206.189.78.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289635/; classtype:trojan-activity;sid:81152735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/open-array/test-forum/mcimprj-16xx0w50/"; http_uri; depth:51; isdataat:!1,relative; content:"47.240.2.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289634/; classtype:trojan-activity;sid:81152734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stp/sites/9nq50ed32yi/l-53515-83320-lktkp9crafh-7ohlwvw6htp/"; http_uri; depth:61; isdataat:!1,relative; content:"43.250.164.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289633/; classtype:trojan-activity;sid:81152733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/siifjm52"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289632/; classtype:trojan-activity;sid:81152732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bhuh1cvu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289631/; classtype:trojan-activity;sid:81152731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zywuqdam"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289630/; classtype:trojan-activity;sid:81152730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/personal-166824498-yl1978h5gi0wjdw/verified-space/ml7cxd-ojuzp2tby/"; http_uri; depth:80; isdataat:!1,relative; content:"148.70.74.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289629/; classtype:trojan-activity;sid:81152729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web/docs/acwqsne0/mh-5279343798-014939-nqqllmjnhvs-p6y5dzdc7x/"; http_uri; depth:63; isdataat:!1,relative; content:"41.89.94.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289628/; classtype:trojan-activity;sid:81152728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ghomework/protected-resource/external-area/6314288988-vynq8gjtb/"; http_uri; depth:65; isdataat:!1,relative; content:"122.112.226.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289627/; classtype:trojan-activity;sid:81152727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/common_sector/doc/9rl-450823-255688-hz76050nue3-endr88fe/"; http_uri; depth:58; isdataat:!1,relative; content:"35.220.155.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289626/; classtype:trojan-activity;sid:81152726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uqnrbys5e/llc/l05mtjh6u2/f97nz5w-6826-59321-sjzk3tthi-3miwm3g/"; http_uri; depth:63; isdataat:!1,relative; content:"120.79.106.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289625/; classtype:trojan-activity;sid:81152725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/edre/bswy-b3bj88c4naubwm-array/external-cloud/y7jiclwdlrel-e07pk8spi0g/"; http_uri; depth:79; isdataat:!1,relative; content:"138.97.105.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289624/; classtype:trojan-activity;sid:81152724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/daceeaq4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289623/; classtype:trojan-activity;sid:81152723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/csquared_bck/file/3pytkpy0/"; http_uri; depth:28; isdataat:!1,relative; content:"162.243.241.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289622/; classtype:trojan-activity;sid:81152722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/6cd1z5p/490xy2eobw-nqkm8s5w-zone/interior-area/5969062-w8fzsnpbrdob/"; http_uri; depth:69; isdataat:!1,relative; content:"120.97.20.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289621/; classtype:trojan-activity;sid:81152721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2016/document/zn9zk608w6yr/"; http_uri; depth:28; isdataat:!1,relative; content:"a-tech.ac.th"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289620/; classtype:trojan-activity;sid:81152720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wr0pezn/report/jr-03928953-987261-xgycneqxh5-4y33/"; http_uri; depth:51; isdataat:!1,relative; content:"106.12.111.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289619/; classtype:trojan-activity;sid:81152719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/52581811122767/"; http_uri; depth:35; isdataat:!1,relative; content:"netyte.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289618/; classtype:trojan-activity;sid:81152718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/multifunctional-zone/close-space/3726094552684-shnlr09dvxb2/"; http_uri; depth:72; isdataat:!1,relative; content:"rodyaevents.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289617/; classtype:trojan-activity;sid:81152717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitemap/oct/2a-212254064-39193812-swg0kgn-onbsaif2b/"; http_uri; depth:53; isdataat:!1,relative; content:"shivambhardwaj.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289616/; classtype:trojan-activity;sid:81152716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/70045543399_ksjdjbu_module/5134039813_7pysmpbu6ygws_space/72206092_9lgg97/"; http_uri; depth:84; isdataat:!1,relative; content:"sanritsudeco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289615/; classtype:trojan-activity;sid:81152715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a5bc0d28dba0d6b56ad1f1461a4d329e/reporting/dyvjd-696219808-4042970-bn8w-pxacu9e9e1/"; http_uri; depth:84; isdataat:!1,relative; content:"zeniaxsolution.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289614/; classtype:trojan-activity;sid:81152714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/sites/k9l76jfiqgl/lbdb-15120131-713414629-n6zsmf-du7k4r/"; http_uri; depth:61; isdataat:!1,relative; content:"ancientalienartifacts.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289613/; classtype:trojan-activity;sid:81152713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.40.105.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289612/; classtype:trojan-activity;sid:81152712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289611/; classtype:trojan-activity;sid:81152711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.164.180.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289610/; classtype:trojan-activity;sid:81152710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.243.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289609/; classtype:trojan-activity;sid:81152709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289608/; classtype:trojan-activity;sid:81152708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.139.92.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289607/; classtype:trojan-activity;sid:81152707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.98.117.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289606/; classtype:trojan-activity;sid:81152706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.203.30.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289605/; classtype:trojan-activity;sid:81152705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/parts_service/"; http_uri; depth:31; isdataat:!1,relative; content:"www.hbcncrepair.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289604/; classtype:trojan-activity;sid:81152704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter-uplqjsp7/available-array/open-profile/9xnbsn2ngdy-z4us5/"; http_uri; depth:68; isdataat:!1,relative; content:"www.thevapordistro.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289603/; classtype:trojan-activity;sid:81152703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/91e2fca84a1703bcfb4cfe4e9d0c11b0/sites/"; http_uri; depth:40; isdataat:!1,relative; content:"fcnord17.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289602/; classtype:trojan-activity;sid:81152702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vssver2/t1nfu9-8w0hv1swllus-box/interior-area/vuvgys6vm00oq7-8w3xsz0/"; http_uri; depth:70; isdataat:!1,relative; content:"www.thenesthomestay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289601/; classtype:trojan-activity;sid:81152701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/ud91pgd/22c9ul2-4058057027-49-exoy-131dv9f/"; http_uri; depth:61; isdataat:!1,relative; content:"www.onlinemagyarorszag.hu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289600/; classtype:trojan-activity;sid:81152700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/activate/protected-i1aey-1zx6aco/interior-area/e6943c7d-6wxs/"; http_uri; depth:62; isdataat:!1,relative; content:"justinscolary.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289599/; classtype:trojan-activity;sid:81152699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/uu6n23efn/"; http_uri; depth:25; isdataat:!1,relative; content:"www.homeprogram.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289598/; classtype:trojan-activity;sid:81152698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/90dv/lm/"; http_uri; depth:9; isdataat:!1,relative; content:"contebuy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289597/; classtype:trojan-activity;sid:81152697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xqwlsa/reporting/yaoujcbl/z6-96402-9268348-8h7e8mb71w-mz7kjc/"; http_uri; depth:62; isdataat:!1,relative; content:"augustaflame.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289596/; classtype:trojan-activity;sid:81152696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/contacto/statement/rnlgxp9/"; http_uri; depth:28; isdataat:!1,relative; content:"www.ecokamal.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289595/; classtype:trojan-activity;sid:81152695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/partner_out/balance/u73lbn3scg89/kan8y-881792091-631-bfaykxt-cgluyy/"; http_uri; depth:69; isdataat:!1,relative; content:"247legalservices.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289594/; classtype:trojan-activity;sid:81152694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config.smell/available_k7yh1xz3jd_f4gg8af/open_forum/1270779_ppy5jchv/"; http_uri; depth:71; isdataat:!1,relative; content:"jonesmemorialhomes.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289593/; classtype:trojan-activity;sid:81152693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stats/docs/56kv04fo08/"; http_uri; depth:23; isdataat:!1,relative; content:"globalcreditpartners.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289592/; classtype:trojan-activity;sid:81152692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/balance/kkqkekmj93t/tbbty-763150-124420-dg58-04cyij/"; http_uri; depth:57; isdataat:!1,relative; content:"beautyandcarelondon.co.uk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289591/; classtype:trojan-activity;sid:81152691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9z55/586293993-zgnlqfyq11axw0v-resource/verifiable-728264120-lgio7b3/jilnksk5nco21-s4ttt70tx6/"; http_uri; depth:95; isdataat:!1,relative; content:"orlandohoppers.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289590/; classtype:trojan-activity;sid:81152690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter-5eglnz/doc/"; http_uri; depth:23; isdataat:!1,relative; content:"leorich.com.tw"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289589/; classtype:trojan-activity;sid:81152689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eu0o0esxn/multifunctional_zone/external_8548560_clmvfraz/cddl5r1u9dv_6x7sus2z/"; http_uri; depth:79; isdataat:!1,relative; content:"validservices.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289588/; classtype:trojan-activity;sid:81152688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/includes/balance/0416dq/6h4-7968850-233634739-db2cejw0s3-zhyoulsu536/"; http_uri; depth:79; isdataat:!1,relative; content:"sergiweb.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289587/; classtype:trojan-activity;sid:81152687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e2fe9dc0dd7e66786d7c899dbdc5b0cf/closed_resource/guarded_space/lq4drdopd_rbf0sanswrp/"; http_uri; depth:86; isdataat:!1,relative; content:"www.elitecarerecruitment.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289586/; classtype:trojan-activity;sid:81152686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/reporting/"; http_uri; depth:23; isdataat:!1,relative; content:"www.almada.net.sa"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289585/; classtype:trojan-activity;sid:81152685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/pzzh2us-131111-736774-k6gs0p15uc1-vsgcnoxmv/"; http_uri; depth:58; isdataat:!1,relative; content:"www.aiga.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289584/; classtype:trojan-activity;sid:81152684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/dp9687iqj/2-9720-3942608-z260-bo5zk/"; http_uri; depth:49; isdataat:!1,relative; content:"www.opccmission.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289583/; classtype:trojan-activity;sid:81152683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/antigo/available_section/interior_cloud/jolj3fbx4jc_lu95cm4w7cw98i/"; http_uri; depth:68; isdataat:!1,relative; content:"www.valleverdepesca.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289582/; classtype:trojan-activity;sid:81152682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289581/; classtype:trojan-activity;sid:81152681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289580/; classtype:trojan-activity;sid:81152680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.19.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289579/; classtype:trojan-activity;sid:81152679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.14.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289578/; classtype:trojan-activity;sid:81152678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289577/; classtype:trojan-activity;sid:81152677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289576/; classtype:trojan-activity;sid:81152676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.245.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289575/; classtype:trojan-activity;sid:81152675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289574/; classtype:trojan-activity;sid:81152674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.140.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289573/; classtype:trojan-activity;sid:81152673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.151.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289572/; classtype:trojan-activity;sid:81152672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289571/; classtype:trojan-activity;sid:81152671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.0.124.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289570/; classtype:trojan-activity;sid:81152670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.40.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289569/; classtype:trojan-activity;sid:81152669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289568/; classtype:trojan-activity;sid:81152668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289567/; classtype:trojan-activity;sid:81152667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.31.6.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289566/; classtype:trojan-activity;sid:81152666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/"; http_uri; depth:17; isdataat:!1,relative; content:"92jobz.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289565/; classtype:trojan-activity;sid:81152665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/70d9a4fca85c48cac6b53f77a482f1fe/open-module/lq8j1yywfg-nngszouxmxmq-space/1xw5i7msw5n-s93zv4y1/"; http_uri; depth:97; isdataat:!1,relative; content:"cortinasvf.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289564/; classtype:trojan-activity;sid:81152664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/b8nookv/attachments/3wevl3/"; http_uri; depth:28; isdataat:!1,relative; content:"www.xiangm8.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289563/; classtype:trojan-activity;sid:81152663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jetpack-temp/closed_disk/782411_4ganrdrwb2z6e_area/tafq2se515i0v_t2862v0s3520/"; http_uri; depth:79; isdataat:!1,relative; content:"mingalapa.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289562/; classtype:trojan-activity;sid:81152662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3rpj22/documentation/"; http_uri; depth:22; isdataat:!1,relative; content:"www.sreekamakshisilks.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289561/; classtype:trojan-activity;sid:81152661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pbiranjy57/protected_resource/interior_075153087409_dtha9j27npw/tm5o7i_2jz2evmnknm3/"; http_uri; depth:85; isdataat:!1,relative; content:"sgdwtoken.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289560/; classtype:trojan-activity;sid:81152660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/"; http_uri; depth:17; isdataat:!1,relative; content:"gsttutorial.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289559/; classtype:trojan-activity;sid:81152659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/disclosures/571714/remy4poffl0/ypp-00997-615778016-zjynt5o-371j0u4/"; http_uri; depth:68; isdataat:!1,relative; content:"lausinexamenes.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289558/; classtype:trojan-activity;sid:81152658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngamm/fx2e-2tgzu4trrvjaa8-82636293-g6pc5/guarded-area/7axx1gvi5nmno1j-z285w/"; http_uri; depth:77; isdataat:!1,relative; content:"technopicks4women.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289557/; classtype:trojan-activity;sid:81152657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/reporting/wdrw-69669-22839969-0mkpedu0ho7-bmhr525v73/"; http_uri; depth:65; isdataat:!1,relative; content:"thebenefitshubtraining.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289556/; classtype:trojan-activity;sid:81152656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nxnxjzjdhjdjd/documentation/2y0q5sp0/"; http_uri; depth:38; isdataat:!1,relative; content:"treadball.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289555/; classtype:trojan-activity;sid:81152655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/overview/"; http_uri; depth:14; isdataat:!1,relative; content:"thecurrenthotel.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289554/; classtype:trojan-activity;sid:81152654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/available-disk/test-forum/sw4jse0mqbrs5e4-5zwutt3s/"; http_uri; depth:61; isdataat:!1,relative; content:"www.ambiance-piscines.fr"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289553/; classtype:trojan-activity;sid:81152653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0868e784ba5af656b959f6ec5e4e9428/lm/w-13934129-247725944-3tq3-pe66/"; http_uri; depth:68; isdataat:!1,relative; content:"www.akarosi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289552/; classtype:trojan-activity;sid:81152652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rbbzf/2917480598-7t2f6ddybkyev-oo65-ljqjcf6f553difs/wtvw-bgh1sp5-forum/85857337263071-6ffxyee/"; http_uri; depth:95; isdataat:!1,relative; content:"fxsignalreviews.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289551/; classtype:trojan-activity;sid:81152651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/ioxpti-6878638-735-7097-t52kr4u9z/"; http_uri; depth:51; isdataat:!1,relative; content:"studiobonus.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289550/; classtype:trojan-activity;sid:81152650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zeodetect/multifunctional_section/434272992_mr7uxeh_p96oqb_ctblwijv/ymg3nxaxlpm_1ze51a6c8/"; http_uri; depth:91; isdataat:!1,relative; content:"zeodetect.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289549/; classtype:trojan-activity;sid:81152649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/f20a0cda2eefbedadf38e72ef70fc639/paclm/w3ahnyym/cpo6-7041025450-967933-fnhn0mna-8h00/"; http_uri; depth:86; isdataat:!1,relative; content:"incotec.com.bo"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289548/; classtype:trojan-activity;sid:81152648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okogjiasdsad/65087_aifg6lworz8od_module/security_space/4163072_zyahfu/"; http_uri; depth:71; isdataat:!1,relative; content:"gakacc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289547/; classtype:trojan-activity;sid:81152647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/swift/"; http_uri; depth:11; isdataat:!1,relative; content:"www.transmac.com.mo"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289546/; classtype:trojan-activity;sid:81152646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/private-section/guarded-fbgm-l24iykwnuhh6e/oclcjerd-gaxord7c/"; http_uri; depth:71; isdataat:!1,relative; content:"ateamagencies.000webhostapp.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289545/; classtype:trojan-activity;sid:81152645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/documentation/1ti8pyrd/pmpga-624-25-kbvhs10nlr-juwts/"; http_uri; depth:67; isdataat:!1,relative; content:"www.openhouseinteriorsinc.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289544/; classtype:trojan-activity;sid:81152644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/yedxjzza_ragswwwpovbr_jkn9y0_tb8bygj/open_forum/4327632783561_ktdpkz/"; http_uri; depth:79; isdataat:!1,relative; content:"cg.hotwp.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289543/; classtype:trojan-activity;sid:81152643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/swift/"; http_uri; depth:16; isdataat:!1,relative; content:"admyinfo.000webhostapp.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289542/; classtype:trojan-activity;sid:81152642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oct/"; http_uri; depth:14; isdataat:!1,relative; content:"demo3.gdavietnam.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289541/; classtype:trojan-activity;sid:81152641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/in29l1s-67pgx0jzv-ahuhm-tnk71zyqp/close-forum/wjhlht7-92t1xv2153y/"; http_uri; depth:78; isdataat:!1,relative; content:"studiosetareh.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289540/; classtype:trojan-activity;sid:81152640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/666089213988700162/666089413151031306/399547_rs4859_posblk6es79720ba520.7z"; http_uri; depth:87; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289539/; classtype:trojan-activity;sid:81152639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289538/; classtype:trojan-activity;sid:81152638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289537/; classtype:trojan-activity;sid:81152637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289536/; classtype:trojan-activity;sid:81152636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.248.105.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289535/; classtype:trojan-activity;sid:81152635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.191.105.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289534/; classtype:trojan-activity;sid:81152634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289533/; classtype:trojan-activity;sid:81152633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.124.150.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289532/; classtype:trojan-activity;sid:81152632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289531/; classtype:trojan-activity;sid:81152631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289530/; classtype:trojan-activity;sid:81152630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289529/; classtype:trojan-activity;sid:81152629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.71.96.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289528/; classtype:trojan-activity;sid:81152628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289527/; classtype:trojan-activity;sid:81152627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289526/; classtype:trojan-activity;sid:81152626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289525/; classtype:trojan-activity;sid:81152625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289524/; classtype:trojan-activity;sid:81152624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.151.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289523/; classtype:trojan-activity;sid:81152623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289522/; classtype:trojan-activity;sid:81152622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289521/; classtype:trojan-activity;sid:81152621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289520/; classtype:trojan-activity;sid:81152620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inc/4z7wpj/"; http_uri; depth:21; isdataat:!1,relative; content:"shop-an-khang.000webhostapp.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289519/; classtype:trojan-activity;sid:81152619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/9104688-3znevgvl8-snwl92xj3t4-rk11ys7/additional-profile/mc4ez9nc-6y65tsy/"; http_uri; depth:86; isdataat:!1,relative; content:"praxismall.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289518/; classtype:trojan-activity;sid:81152618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/invoice/invoice/"; http_uri; depth:37; isdataat:!1,relative; content:"www.tvbar.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_16; reference:url, urlhaus.abuse.ch/url/289517/; classtype:trojan-activity;sid:81152617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/protected_oodcr_yvnvjiwjdmpts5/security_forum/wdq_xvy17u804y78u1/"; http_uri; depth:75; isdataat:!1,relative; content:"ies-cura-valera.000webhostapp.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289516/; classtype:trojan-activity;sid:81152616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mbksle153jdsje/etrac/4k8yriane4d/rm7yia-75401-21679-gvu9f-xmwpfd/"; http_uri; depth:66; isdataat:!1,relative; content:"cms.cslivebr.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289514/; classtype:trojan-activity;sid:81152614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbrf/paclm/"; http_uri; depth:12; isdataat:!1,relative; content:"landingpage.neomeric.us"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289512/; classtype:trojan-activity;sid:81152612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/multifunctional-section/individual-5ff46wku37-6keogaigmn/tkn9pfruw3-jakm2lh2nymm6z/"; http_uri; depth:84; isdataat:!1,relative; content:"butterflyvfx.synergy-college.org"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289511/; classtype:trojan-activity;sid:81152611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mbksle153jdsje/0i29oz/"; http_uri; depth:23; isdataat:!1,relative; content:"blog.3c0m.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289510/; classtype:trojan-activity;sid:81152610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/personal-resource/l14g6-fhn5d28ni6jqm-forum/nkwfvtdcu3p2-9eio92jp7/"; http_uri; depth:77; isdataat:!1,relative; content:"imurprint.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289509/; classtype:trojan-activity;sid:81152609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/overview/jfnn3-7948-223-jk8cqije8-esnk00emgk1/"; http_uri; depth:56; isdataat:!1,relative; content:"elektrimo.000webhostapp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289508/; classtype:trojan-activity;sid:81152608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web_map/mqgm-tqficgt-48202237-0sjlrafds2ba/security-area/qchwi1cqgo-yu956gnjv4/"; http_uri; depth:80; isdataat:!1,relative; content:"testremix.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289507/; classtype:trojan-activity;sid:81152607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logreport/invoice/psw0cf37k7h/q-995710-672375358-xeivqgvfn-xbjg0lthjgpg/"; http_uri; depth:73; isdataat:!1,relative; content:"www.app48.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289506/; classtype:trojan-activity;sid:81152606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/agds/report/"; http_uri; depth:13; isdataat:!1,relative; content:"cha.6888ka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289505/; classtype:trojan-activity;sid:81152605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/u-54800-54916-byub-qoh2dvut/"; http_uri; depth:50; isdataat:!1,relative; content:"ga.neomeric.us"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289504/; classtype:trojan-activity;sid:81152604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal_zone/guarded_cloud/795557374_rfjisqodba/"; http_uri; depth:59; isdataat:!1,relative; content:"telco.dev.neomeric.us"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289503/; classtype:trojan-activity;sid:81152603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/private_disk/verifiable_cloud/ajxaf5lhpvs_wg8qiyljnuaj/"; http_uri; depth:60; isdataat:!1,relative; content:"thawani-pay.neomeric.us"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289502/; classtype:trojan-activity;sid:81152602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289501/; classtype:trojan-activity;sid:81152601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289500/; classtype:trojan-activity;sid:81152600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289499/; classtype:trojan-activity;sid:81152599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289498/; classtype:trojan-activity;sid:81152598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289497/; classtype:trojan-activity;sid:81152597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289496/; classtype:trojan-activity;sid:81152596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289495/; classtype:trojan-activity;sid:81152595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289494/; classtype:trojan-activity;sid:81152594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289493/; classtype:trojan-activity;sid:81152593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289492/; classtype:trojan-activity;sid:81152592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"76.91.214.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289491/; classtype:trojan-activity;sid:81152591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"104.140.114.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289490/; classtype:trojan-activity;sid:81152590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"218.161.23.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289489/; classtype:trojan-activity;sid:81152589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pbknr/personal-zone/verifiable-warehouse/vnvy8-0s68ss/"; http_uri; depth:55; isdataat:!1,relative; content:"eventi.webinarbox.it"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289488/; classtype:trojan-activity;sid:81152588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/hqwflqqdr/"; http_uri; depth:15; isdataat:!1,relative; content:"guiltless-plot.flywheelsites.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289487/; classtype:trojan-activity;sid:81152587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/w6l5lb3p/"; http_uri; depth:21; isdataat:!1,relative; content:"quickwashing.cl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289486/; classtype:trojan-activity;sid:81152586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/afx/52rs/"; http_uri; depth:10; isdataat:!1,relative; content:"www.rishishwarfoundation.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289485/; classtype:trojan-activity;sid:81152585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jhq5ds/zba6dphn/"; http_uri; depth:17; isdataat:!1,relative; content:"itsweezle.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289484/; classtype:trojan-activity;sid:81152584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/5u9/"; http_uri; depth:17; isdataat:!1,relative; content:"www.aquafavour.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289483/; classtype:trojan-activity;sid:81152583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/available_o3bjy1ib_ooc30ow3fzmrto/verifiable_8729542003_ureqebbukalz/c0vu3d_51my8ev5k/"; http_uri; depth:98; isdataat:!1,relative; content:"www.hbyygb.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289482/; classtype:trojan-activity;sid:81152582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/"; http_uri; depth:17; isdataat:!1,relative; content:"blog.orig.xin"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289481/; classtype:trojan-activity;sid:81152581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/multifunctional-array/fs3p9a5j1asbv-3s6ygjjrrlmka-df7t-tlf0bte15ovb8/566191059633-eue1bv/"; http_uri; depth:99; isdataat:!1,relative; content:"atliftaa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289480/; classtype:trojan-activity;sid:81152580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/q/overview/"; http_uri; depth:12; isdataat:!1,relative; content:"www.confidentlook.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289479/; classtype:trojan-activity;sid:81152579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wc-logs/etrac/"; http_uri; depth:15; isdataat:!1,relative; content:"muanickcf.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289478/; classtype:trojan-activity;sid:81152578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qntzp/common-array/verifiable-profile/jmsctkm4b-1yt415tv28yv9s/"; http_uri; depth:64; isdataat:!1,relative; content:"coachhire-oxford.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289477/; classtype:trojan-activity;sid:81152577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289476/; classtype:trojan-activity;sid:81152576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.144.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289475/; classtype:trojan-activity;sid:81152575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.157.219.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289474/; classtype:trojan-activity;sid:81152574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.111.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289473/; classtype:trojan-activity;sid:81152573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.229.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289472/; classtype:trojan-activity;sid:81152572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.173.81.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289471/; classtype:trojan-activity;sid:81152571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.82.73.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289470/; classtype:trojan-activity;sid:81152570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289469/; classtype:trojan-activity;sid:81152569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.241.224.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289468/; classtype:trojan-activity;sid:81152568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289467/; classtype:trojan-activity;sid:81152567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289466/; classtype:trojan-activity;sid:81152566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.159.207.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289465/; classtype:trojan-activity;sid:81152565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.90.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289464/; classtype:trojan-activity;sid:81152564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.14.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289463/; classtype:trojan-activity;sid:81152563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.98.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289462/; classtype:trojan-activity;sid:81152562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.125.37.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289461/; classtype:trojan-activity;sid:81152561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.199.0.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289460/; classtype:trojan-activity;sid:81152560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.180.194.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289459/; classtype:trojan-activity;sid:81152559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4d52/esp/j-5424-66382643-leqs68k722d-lhv59q/"; http_uri; depth:45; isdataat:!1,relative; content:"cbspisp.applay.club"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289458/; classtype:trojan-activity;sid:81152558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/multifunctional_array/guarded_warehouse/829924960365_botnvaax34p/"; http_uri; depth:75; isdataat:!1,relative; content:"kameldigital.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289457/; classtype:trojan-activity;sid:81152557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2qp8oa7k/file/bycv1-8990607307-23314409-fqnbag595l-igpjvnd/"; http_uri; depth:60; isdataat:!1,relative; content:"anhuiheye.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289456/; classtype:trojan-activity;sid:81152556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/l1dob2_ne3bthho1rqnqx_section/additional_warehouse/73837968177_6eynyoy7r/"; http_uri; depth:83; isdataat:!1,relative; content:"milbaymedya.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289455/; classtype:trojan-activity;sid:81152555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/05w2iyhz2vfkkg/"; http_uri; depth:25; isdataat:!1,relative; content:"darul-arqam.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289454/; classtype:trojan-activity;sid:81152554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oct/ffp-04782-22201-wpbmcs-dsucc/"; http_uri; depth:43; isdataat:!1,relative; content:"madinahparadise.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289453/; classtype:trojan-activity;sid:81152553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kcwl/personal_array/special_forum/3966045525_mzzsfd9o4z4/"; http_uri; depth:58; isdataat:!1,relative; content:"159.65.237.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289452/; classtype:trojan-activity;sid:81152552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/5lfy42h9/5hk-655235-45-jx0q0gcc09b-k98cpk0t/"; http_uri; depth:60; isdataat:!1,relative; content:"167.172.209.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289451/; classtype:trojan-activity;sid:81152551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/common-resource/verified-t4kf1nxgk-t3f1q5a/48etx0717j33t8l-u8t646xw5y55z/"; http_uri; depth:83; isdataat:!1,relative; content:"178.62.98.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289450/; classtype:trojan-activity;sid:81152550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/error/7wj1/"; http_uri; depth:12; isdataat:!1,relative; content:"rochun.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289449/; classtype:trojan-activity;sid:81152549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/abenm155769/"; http_uri; depth:21; isdataat:!1,relative; content:"realizaweb.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289448/; classtype:trojan-activity;sid:81152548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pyul573/"; http_uri; depth:18; isdataat:!1,relative; content:"pmvraetsel.newsoftdemo.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289447/; classtype:trojan-activity;sid:81152547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/8xshhk/"; http_uri; depth:16; isdataat:!1,relative; content:"fdhk.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289446/; classtype:trojan-activity;sid:81152546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/n8cwi/"; http_uri; depth:16; isdataat:!1,relative; content:"iihttanzania.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289445/; classtype:trojan-activity;sid:81152545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/drcn9c/attachments/8du24y3h95y/"; http_uri; depth:32; isdataat:!1,relative; content:"39.106.55.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289444/; classtype:trojan-activity;sid:81152544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/closed_box/close_space/49030625_jthzlnn91/"; http_uri; depth:55; isdataat:!1,relative; content:"212.64.90.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289443/; classtype:trojan-activity;sid:81152543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/f1t3-571-794393-dog1hvtxko9-ag9f3ss/"; http_uri; depth:62; isdataat:!1,relative; content:"60.205.181.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289442/; classtype:trojan-activity;sid:81152542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/icon/multifunctional_box/vg53cse78awvnk_w1aeeac_warehouse/sb2q5xoyvcd97gh7_3t4yw7/"; http_uri; depth:83; isdataat:!1,relative; content:"207.148.93.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289441/; classtype:trojan-activity;sid:81152541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/browse/tpace6g/"; http_uri; depth:25; isdataat:!1,relative; content:"babyone.kg"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289440/; classtype:trojan-activity;sid:81152540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/private_ahrr_8d96buv7sx2/test_space/43588120_uxgzy/"; http_uri; depth:61; isdataat:!1,relative; content:"yefta.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289439/; classtype:trojan-activity;sid:81152539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/multifunctional_v4wxqh74sbw5cc_q93f6/corporate_yo7dzrx_6jdpqh6wrbgtbh/o2ext_48sy6ww13/"; http_uri; depth:96; isdataat:!1,relative; content:"3.19.56.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289438/; classtype:trojan-activity;sid:81152538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/4n186emw/"; http_uri; depth:29; isdataat:!1,relative; content:"35.184.191.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289437/; classtype:trojan-activity;sid:81152537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oxygen/parts_service/zls7o42j0wyb/3nm9bx-9521-69656764-d5719utt-xbclm1/"; http_uri; depth:72; isdataat:!1,relative; content:"159.65.156.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289436/; classtype:trojan-activity;sid:81152536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/atees/wp-content/open-sector/corporate-44522840542-a4rx2zqom6y/blvks97-lpss04sejmx/"; http_uri; depth:84; isdataat:!1,relative; content:"52.66.243.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289435/; classtype:trojan-activity;sid:81152535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/clients/report/mb4j0yfxliig/"; http_uri; depth:29; isdataat:!1,relative; content:"bithostbd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289434/; classtype:trojan-activity;sid:81152534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/open_disk/htej0rbo_6io0qbxvnbnd9_forum/96773921_qnyrmhrx0vzx0ujr/"; http_uri; depth:78; isdataat:!1,relative; content:"dairwa-agri.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289433/; classtype:trojan-activity;sid:81152533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mbksle153jdsje/sites/cpbj5lf6/"; http_uri; depth:31; isdataat:!1,relative; content:"codetest4.deltastaging.se"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289432/; classtype:trojan-activity;sid:81152532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/closed_module/verifiable_profile/scikxkr3j_6l4klohe7qqr2c/"; http_uri; depth:68; isdataat:!1,relative; content:"dynamicsecurityltd.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289431/; classtype:trojan-activity;sid:81152531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/payment/2iz3zug3/zuug0n-535295-2793768-f27il3v-gqqud/"; http_uri; depth:65; isdataat:!1,relative; content:"101.132.182.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289430/; classtype:trojan-activity;sid:81152530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/z1oanerp-bfsye4suqgogccg-sector/interior-cloud/hosabhfhsip-wy61/"; http_uri; depth:76; isdataat:!1,relative; content:"chitwanparkvillage.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289429/; classtype:trojan-activity;sid:81152529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/llc/"; http_uri; depth:14; isdataat:!1,relative; content:"idnpoker.asiapoker77.co"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289428/; classtype:trojan-activity;sid:81152528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cupang/oct/4h7krpjy/b7fr0-721431701-432909392-222fw25-gnecb/"; http_uri; depth:61; isdataat:!1,relative; content:"krones.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289427/; classtype:trojan-activity;sid:81152527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/closed-module/external-portal/jrn4s-v3y8y0v/"; http_uri; depth:54; isdataat:!1,relative; content:"cpawhy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289426/; classtype:trojan-activity;sid:81152526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mgupp/reporting/h0gvix0hnuwi/"; http_uri; depth:30; isdataat:!1,relative; content:"sportident.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289425/; classtype:trojan-activity;sid:81152525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.106.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289424/; classtype:trojan-activity;sid:81152524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289423/; classtype:trojan-activity;sid:81152523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.235.61.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289422/; classtype:trojan-activity;sid:81152522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.226.183.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289421/; classtype:trojan-activity;sid:81152521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289420/; classtype:trojan-activity;sid:81152520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.180.234.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289419/; classtype:trojan-activity;sid:81152519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.190.98.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289418/; classtype:trojan-activity;sid:81152518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/j8ikmq/multifunctional_zone/verified_warehouse/xxkc6_1459242s7w/"; http_uri; depth:65; isdataat:!1,relative; content:"47.98.138.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289417/; classtype:trojan-activity;sid:81152517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/53fi5rwzp851p/22zvqs/"; http_uri; depth:33; isdataat:!1,relative; content:"194.113.107.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289416/; classtype:trojan-activity;sid:81152516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubiks365kfjwe/common_disk/4kd3xp3j_5ri04_space/ztww77ls6e72qpjs_t1390510su8t/"; http_uri; depth:78; isdataat:!1,relative; content:"iqww.cn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289415/; classtype:trojan-activity;sid:81152515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/"; http_uri; depth:16; isdataat:!1,relative; content:"mymidgette.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289414/; classtype:trojan-activity;sid:81152514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/private-2708865038-qat4fby2qovwk2xb/urzkf-tjzlxbpddasdy-space/93408119693056-k3lf7w1ujcun/"; http_uri; depth:103; isdataat:!1,relative; content:"so766.sohost.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289413/; classtype:trojan-activity;sid:81152513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fewigq/paclm/z9ksqotf/"; http_uri; depth:23; isdataat:!1,relative; content:"www.zingicg.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289412/; classtype:trojan-activity;sid:81152512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/closed_resource/12oki5tze9qhh_6tsb_profile/000861916739_8qpbr/"; http_uri; depth:71; isdataat:!1,relative; content:"mchelex.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289411/; classtype:trojan-activity;sid:81152511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/llc/hs8-195276046-626-6w6jb69yh-s2spgmgtpyag/"; http_uri; depth:49; isdataat:!1,relative; content:"eco.webomazedemo.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289410/; classtype:trojan-activity;sid:81152510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zdbpmhp7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289409/; classtype:trojan-activity;sid:81152509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/19fwxsvt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289408/; classtype:trojan-activity;sid:81152508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/protected-796080331-1eiaumy/security-forum/176043918-c0aiyfsvfcrd/"; http_uri; depth:76; isdataat:!1,relative; content:"iguidglobal.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289407/; classtype:trojan-activity;sid:81152507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toibuxh6kg/report/mp0rodv7v8np/97ja37-517-94965206-x4922-yjdefm8yiu/"; http_uri; depth:69; isdataat:!1,relative; content:"speaklishworld.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289406/; classtype:trojan-activity;sid:81152506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tj0po/public/d5-720667724-4960737-9mv9-kusd13pj4/"; http_uri; depth:50; isdataat:!1,relative; content:"simplycannabis207.me"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289405/; classtype:trojan-activity;sid:81152505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/private-array/corporate-area/ogp63gj64-w7u4s2/"; http_uri; depth:55; isdataat:!1,relative; content:"waleedintagency.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289404/; classtype:trojan-activity;sid:81152504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/6s413xp1/"; http_uri; depth:29; isdataat:!1,relative; content:"www.windo360.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289403/; classtype:trojan-activity;sid:81152503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/protected-5982223609481-gtjjus5zn4h/individual-warehouse/94010590486-550stlqkptoixm/"; http_uri; depth:88; isdataat:!1,relative; content:"www.nutrizioneitalia.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289402/; classtype:trojan-activity;sid:81152502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289401/; classtype:trojan-activity;sid:81152501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289400/; classtype:trojan-activity;sid:81152500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.120.36.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289399/; classtype:trojan-activity;sid:81152499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.190.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289398/; classtype:trojan-activity;sid:81152498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289397/; classtype:trojan-activity;sid:81152497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.237.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289396/; classtype:trojan-activity;sid:81152496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.202.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289395/; classtype:trojan-activity;sid:81152495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289394/; classtype:trojan-activity;sid:81152494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289393/; classtype:trojan-activity;sid:81152493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289392/; classtype:trojan-activity;sid:81152492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/c6nnvdc/"; http_uri; depth:18; isdataat:!1,relative; content:"www.lance.red"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289391/; classtype:trojan-activity;sid:81152491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zwp/scan/n2vuc-6180419-0095-w2rs8zqa51-32i6uj7sd/"; http_uri; depth:50; isdataat:!1,relative; content:"testautomationacademy.in"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289390/; classtype:trojan-activity;sid:81152490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.nm68k"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289389/; classtype:trojan-activity;sid:81152489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.narm6"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289388/; classtype:trojan-activity;sid:81152488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.narm4"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289387/; classtype:trojan-activity;sid:81152487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.nx86"; http_uri; depth:15; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289386/; classtype:trojan-activity;sid:81152486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.narm5"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289385/; classtype:trojan-activity;sid:81152485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/runyp-zsv8cv-3508006/"; http_uri; depth:34; isdataat:!1,relative; content:"bbv.borgmeier.media"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289384/; classtype:trojan-activity;sid:81152484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/be19e6-le6fjr-256/"; http_uri; depth:28; isdataat:!1,relative; content:"87zn.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289383/; classtype:trojan-activity;sid:81152483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/fqbmzw/"; http_uri; depth:20; isdataat:!1,relative; content:"blog.eliminavarici.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289382/; classtype:trojan-activity;sid:81152482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vbufbbg/"; http_uri; depth:18; isdataat:!1,relative; content:"wlskdjfsa.000webhostapp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289381/; classtype:trojan-activity;sid:81152481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/-/wv4y-6w5-3697/"; http_uri; depth:17; isdataat:!1,relative; content:"abeafrique.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289380/; classtype:trojan-activity;sid:81152480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/egbkdgr/doc/9wfyx273/"; http_uri; depth:22; isdataat:!1,relative; content:"cateyes.co"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289379/; classtype:trojan-activity;sid:81152479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/recommends/available_sector/86002854849_utar8k9h_cloud/1l7cttpkxhfp_91g24uzswg/"; http_uri; depth:80; isdataat:!1,relative; content:"fairtradegs.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289378/; classtype:trojan-activity;sid:81152478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wanpwuf/41wdtm-951771435-1008763-qhvfmr-5vfk69m7b4/"; http_uri; depth:63; isdataat:!1,relative; content:"saymedia.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289377/; classtype:trojan-activity;sid:81152477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/upou3/protected_zone/special_portal/yqt6u9djulqr1u_4tt6t70x182ut2/"; http_uri; depth:67; isdataat:!1,relative; content:"propre.us"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289376/; classtype:trojan-activity;sid:81152476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.nx32"; http_uri; depth:15; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289375/; classtype:trojan-activity;sid:81152475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.nsh4"; http_uri; depth:15; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289374/; classtype:trojan-activity;sid:81152474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.narm7"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289373/; classtype:trojan-activity;sid:81152473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.nppc"; http_uri; depth:15; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289372/; classtype:trojan-activity;sid:81152472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.nmips"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289371/; classtype:trojan-activity;sid:81152471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.sh"; http_uri; depth:13; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289370/; classtype:trojan-activity;sid:81152470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.ni586"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289369/; classtype:trojan-activity;sid:81152469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n-o-r-g-e.nmpsl"; http_uri; depth:16; isdataat:!1,relative; content:"213.139.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289368/; classtype:trojan-activity;sid:81152468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.148.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289367/; classtype:trojan-activity;sid:81152467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289366/; classtype:trojan-activity;sid:81152466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289365/; classtype:trojan-activity;sid:81152465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.10.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289364/; classtype:trojan-activity;sid:81152464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.65.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289363/; classtype:trojan-activity;sid:81152463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289362/; classtype:trojan-activity;sid:81152462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.182.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289361/; classtype:trojan-activity;sid:81152461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.230.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289360/; classtype:trojan-activity;sid:81152460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289359/; classtype:trojan-activity;sid:81152459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.120.94.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289358/; classtype:trojan-activity;sid:81152458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.82.9.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289357/; classtype:trojan-activity;sid:81152457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289356/; classtype:trojan-activity;sid:81152456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289355/; classtype:trojan-activity;sid:81152455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.213.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289354/; classtype:trojan-activity;sid:81152454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/reporting/q0kg8w1/m13-728626842-434142-z92pl9xau-9ro7cwc/"; http_uri; depth:67; isdataat:!1,relative; content:"blog.800ml.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289353/; classtype:trojan-activity;sid:81152453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/bgv3qr/"; http_uri; depth:31; isdataat:!1,relative; content:"emerson-academy.2019.sites.air-rallies.org"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289352/; classtype:trojan-activity;sid:81152452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/available-8pwbbmc-k6hzuuv/additional-portal/311879-lvh7ohmvdasgmb/"; http_uri; depth:76; isdataat:!1,relative; content:"reportnow.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289351/; classtype:trojan-activity;sid:81152451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/u9w0nyiq38va/r4m7-762-415322-0uyaazcx-eukiiw7wrkf/"; http_uri; depth:60; isdataat:!1,relative; content:"christopherkeeran.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289350/; classtype:trojan-activity;sid:81152450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hubz/personal_disk/security_profile/vl53rj3vr5c2i_7433ztwsz/"; http_uri; depth:61; isdataat:!1,relative; content:"spnresearch.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289349/; classtype:trojan-activity;sid:81152449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/"; http_uri; depth:20; isdataat:!1,relative; content:"self-improvement.site"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289348/; classtype:trojan-activity;sid:81152448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/live/private_disk/individual_portal/24867548_otuqw4n/"; http_uri; depth:54; isdataat:!1,relative; content:"tareqmuhith.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289347/; classtype:trojan-activity;sid:81152447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/m5gzi-2468490607-640516-u4d49-bvwjppzo14/"; http_uri; depth:54; isdataat:!1,relative; content:"www.smithstires.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289346/; classtype:trojan-activity;sid:81152446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/personal-zone/special-rli8hwkn9x-zhsu9rvg/wcm5nqn-v7jn9izin37e/"; http_uri; depth:68; isdataat:!1,relative; content:"yoha.com.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289345/; classtype:trojan-activity;sid:81152445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/"; http_uri; depth:14; isdataat:!1,relative; content:"womenshospital.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289344/; classtype:trojan-activity;sid:81152444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c3titvfk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289343/; classtype:trojan-activity;sid:81152443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oct/zvot4r/9hocgm-8228956958-56058172-sioymxfw5rw-gkuwvbp/"; http_uri; depth:70; isdataat:!1,relative; content:"time2bass.tech"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289342/; classtype:trojan-activity;sid:81152442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/personal_section/additional_profile/kfynorlk4tp_kynjmeosniy/"; http_uri; depth:73; isdataat:!1,relative; content:"mendozago.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289341/; classtype:trojan-activity;sid:81152441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/parts_service/de6qjgcyv/"; http_uri; depth:35; isdataat:!1,relative; content:"relprosurgical.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289340/; classtype:trojan-activity;sid:81152440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/statement/tvb2l-4725988419-38525-e1i4r9ba-k7b5im80qa/"; http_uri; depth:62; isdataat:!1,relative; content:"www.cometprint.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289339/; classtype:trojan-activity;sid:81152439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/4vms-mq0s6t8-sector/verified-7125167755-srq7iz0s2wnmh0n/69084064-c6kqetz44/"; http_uri; depth:87; isdataat:!1,relative; content:"omagroup.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289338/; classtype:trojan-activity;sid:81152438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/statement/"; http_uri; depth:18; isdataat:!1,relative; content:"coachhire-miltonkeynes.co.uk"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289337/; classtype:trojan-activity;sid:81152437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/uz9dnp/"; http_uri; depth:20; isdataat:!1,relative; content:"dobrovorot.su"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289336/; classtype:trojan-activity;sid:81152436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/correo/kntr340119/"; http_uri; depth:19; isdataat:!1,relative; content:"isague.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289335/; classtype:trojan-activity;sid:81152435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/9gq/"; http_uri; depth:16; isdataat:!1,relative; content:"idnpoker.agenbolaterbaik.city"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289334/; classtype:trojan-activity;sid:81152434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/h6qs56g/"; http_uri; depth:12; isdataat:!1,relative; content:"casiroresources.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289333/; classtype:trojan-activity;sid:81152433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/h0tkdyz/"; http_uri; depth:20; isdataat:!1,relative; content:"www.dailygks.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289332/; classtype:trojan-activity;sid:81152432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/personal-disk/test-e6xpvpz2d-ffao7qzfj1/025245381308-rnybq/"; http_uri; depth:72; isdataat:!1,relative; content:"lykusglobal.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289331/; classtype:trojan-activity;sid:81152431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/838/"; http_uri; depth:14; isdataat:!1,relative; content:"youthplant.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289330/; classtype:trojan-activity;sid:81152430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uw4/"; http_uri; depth:14; isdataat:!1,relative; content:"arx163.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289329/; classtype:trojan-activity;sid:81152429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-seca/f/"; http_uri; depth:11; isdataat:!1,relative; content:"seca.infoavisos.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289328/; classtype:trojan-activity;sid:81152428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/xos/"; http_uri; depth:14; isdataat:!1,relative; content:"emdgames.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289327/; classtype:trojan-activity;sid:81152427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/b/"; http_uri; depth:14; isdataat:!1,relative; content:"lehraagrotech.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289326/; classtype:trojan-activity;sid:81152426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/juod7w/n9uq-56384-039113096-0wx9n7-h3t7id/"; http_uri; depth:63; isdataat:!1,relative; content:"shacked.webdepot.co.il"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289325/; classtype:trojan-activity;sid:81152425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/browse/"; http_uri; depth:27; isdataat:!1,relative; content:"www.marketseg.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289324/; classtype:trojan-activity;sid:81152424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/available-disk/verified-portal/16844535536-dbeltfu/"; http_uri; depth:71; isdataat:!1,relative; content:"myphamthanhbinh.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289323/; classtype:trojan-activity;sid:81152423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/documentation/u7qky-3217-106801-e6pm7-bmkif/"; http_uri; depth:58; isdataat:!1,relative; content:"mpg.bwsconsulting.com.ua"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289322/; classtype:trojan-activity;sid:81152422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/protected_resource/suz20qef_6974z199cuo9k6_9705488_drmgedcpqud/bf7va_zs36877x90/"; http_uri; depth:92; isdataat:!1,relative; content:"mail.productowner.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289321/; classtype:trojan-activity;sid:81152421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/oct/ahijchrmqgnz/"; http_uri; depth:30; isdataat:!1,relative; content:"micro.it-lobster.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289320/; classtype:trojan-activity;sid:81152420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/private_zone/0732628318_1edipsy_warehouse/9869983461_laamyek/"; http_uri; depth:75; isdataat:!1,relative; content:"peripheral.com.bd"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289319/; classtype:trojan-activity;sid:81152419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/sm4-2492497420-13090938-1twsk8nobbu-vtjk4j3l/"; http_uri; depth:66; isdataat:!1,relative; content:"roprostory.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289318/; classtype:trojan-activity;sid:81152418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289317/; classtype:trojan-activity;sid:81152417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289316/; classtype:trojan-activity;sid:81152416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289315/; classtype:trojan-activity;sid:81152415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.34.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289314/; classtype:trojan-activity;sid:81152414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.144.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289313/; classtype:trojan-activity;sid:81152413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.209.244.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289312/; classtype:trojan-activity;sid:81152412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289311/; classtype:trojan-activity;sid:81152411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.8.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289310/; classtype:trojan-activity;sid:81152410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.197.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289309/; classtype:trojan-activity;sid:81152409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.2.177.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289308/; classtype:trojan-activity;sid:81152408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"84.232.53.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289307/; classtype:trojan-activity;sid:81152407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.107.164.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289306/; classtype:trojan-activity;sid:81152406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.97.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289305/; classtype:trojan-activity;sid:81152405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289304/; classtype:trojan-activity;sid:81152404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cdn/available_box/interior_space/56957864736_vf9dx2i11nea3x2h/"; http_uri; depth:63; isdataat:!1,relative; content:"onlinepeliculas.tv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289303/; classtype:trojan-activity;sid:81152403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/7q1pz/m0s6ilz/7xih1qg-3606-816-q97u2-b03c7w1su1/"; http_uri; depth:60; isdataat:!1,relative; content:"productowner.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289302/; classtype:trojan-activity;sid:81152402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/7n1lftev1fz/gi3a6y6-841-634307-06mcmzratqk-ii798927u9a/"; http_uri; depth:65; isdataat:!1,relative; content:"sfmac.biz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289301/; classtype:trojan-activity;sid:81152401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/available_disk/l9wxoaaxdk0g_42m_warehouse/uwkgovvyu_k3gkfo16mjg3/"; http_uri; depth:78; isdataat:!1,relative; content:"thesmartgifts.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289300/; classtype:trojan-activity;sid:81152400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/1jblehwcwc47/tyrygk-881328054-8200-nacco-skrj7/"; http_uri; depth:62; isdataat:!1,relative; content:"publicidadeinove-com.umbler.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289299/; classtype:trojan-activity;sid:81152399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lqevjxwjq-sple8nvlhk-resource/test-forum/116104-mhidy3/"; http_uri; depth:67; isdataat:!1,relative; content:"streetcrane.visionsharp.co.uk"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289298/; classtype:trojan-activity;sid:81152398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lm/"; http_uri; depth:12; isdataat:!1,relative; content:"sumapai68.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289297/; classtype:trojan-activity;sid:81152397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/common_array/yylk_0zwcgxpjxh_warehouse/842732979_11bggaasc/"; http_uri; depth:60; isdataat:!1,relative; content:"eaglekart.co.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289296/; classtype:trojan-activity;sid:81152396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/attachments/vnx3tu70tzp/d9zdj-43124-26342646-8kfvkthfg-wh19ev2/"; http_uri; depth:76; isdataat:!1,relative; content:"topspeeds.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289295/; classtype:trojan-activity;sid:81152395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fhe/7yuxfdxk-0ozkkd5h1l-array/additional-warehouse/bacy4w3z5-soilnmdz3k/"; http_uri; depth:73; isdataat:!1,relative; content:"hos.efadh.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289294/; classtype:trojan-activity;sid:81152394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dup-installer/browse/v7ael-3853364-2780-fv890fwl-ghh9jjgk/"; http_uri; depth:59; isdataat:!1,relative; content:"tamthanhgroup.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289293/; classtype:trojan-activity;sid:81152393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/common_box/close_4j2p_9763rpeyv51b/203749_xwrsai/"; http_uri; depth:61; isdataat:!1,relative; content:"kcmn.x10host.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289292/; classtype:trojan-activity;sid:81152392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/lm/"; http_uri; depth:13; isdataat:!1,relative; content:"liverblue.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289291/; classtype:trojan-activity;sid:81152391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/statement/zuqvo75x5te/"; http_uri; depth:27; isdataat:!1,relative; content:"mobilegsm.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289290/; classtype:trojan-activity;sid:81152390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubiks365kfjwe/38473-w4j6iyhmf1th-box/close-portal/42564607846-vaflovia9eiv/"; http_uri; depth:76; isdataat:!1,relative; content:"sugaayurveda.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289289/; classtype:trojan-activity;sid:81152389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alfacgiapi/closed-module/corporate-area/880530-i7eh9yif2mwnxfng/"; http_uri; depth:65; isdataat:!1,relative; content:"tdmekos.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289288/; classtype:trojan-activity;sid:81152388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cartoes-pay/docs/alenln/i7siqh-55992-87064-ebty8az-uc2374/"; http_uri; depth:59; isdataat:!1,relative; content:"autopass.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289287/; classtype:trojan-activity;sid:81152387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/report//"; http_uri; depth:21; isdataat:!1,relative; content:"abba.com.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289286/; classtype:trojan-activity;sid:81152386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/y3tzjo/"; http_uri; depth:20; isdataat:!1,relative; content:"cdn.timebuyer.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289285/; classtype:trojan-activity;sid:81152385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vaogzul/"; http_uri; depth:21; isdataat:!1,relative; content:"khanhbuiads.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289284/; classtype:trojan-activity;sid:81152384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/heu/"; http_uri; depth:8; isdataat:!1,relative; content:"daihatsumurahcikarang.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289283/; classtype:trojan-activity;sid:81152383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngt/0sjhd/"; http_uri; depth:11; isdataat:!1,relative; content:"openarts.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289282/; classtype:trojan-activity;sid:81152382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jk/c/"; http_uri; depth:6; isdataat:!1,relative; content:"paginas.constructorajksalcedo.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289281/; classtype:trojan-activity;sid:81152381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/finance/swift/m-500428033-516-pu45x-fciaj9/"; http_uri; depth:44; isdataat:!1,relative; content:"quantumneurology.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289280/; classtype:trojan-activity;sid:81152380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/closed-box/additional-luo2cqzv-2fbl80ynprusqt/996864532253-sh7mzxv6p/"; http_uri; depth:82; isdataat:!1,relative; content:"arafatourist.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289279/; classtype:trojan-activity;sid:81152379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/75991155/"; http_uri; depth:23; isdataat:!1,relative; content:"it.whitestart.kz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289278/; classtype:trojan-activity;sid:81152378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/attachments/nz1s2y0/"; http_uri; depth:32; isdataat:!1,relative; content:"kenaliwrites.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289277/; classtype:trojan-activity;sid:81152377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/private-resource/corporate-forum/tpfh03wka-s7x661/"; http_uri; depth:60; isdataat:!1,relative; content:"tipnoigian.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289276/; classtype:trojan-activity;sid:81152376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yjmsgccw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289275/; classtype:trojan-activity;sid:81152375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/reporting/5uth8on1/"; http_uri; depth:32; isdataat:!1,relative; content:"rra.life"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289274/; classtype:trojan-activity;sid:81152374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jg6o2tklxxztd0ow-btp5e0awp-module/close-warehouse/mtr0yt-y32v6xzyz42/"; http_uri; depth:79; isdataat:!1,relative; content:"trungcapduochanoi.info"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289273/; classtype:trojan-activity;sid:81152373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/docs/c2sqjitvggts/j-2740624-24667-6rysm8i3-8zh56/"; http_uri; depth:60; isdataat:!1,relative; content:"qyshudong.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289272/; classtype:trojan-activity;sid:81152372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dentist.99skywave.com/available_disk/special_profile/zo3bkb3rzy_kuqcg450o46jd/"; http_uri; depth:79; isdataat:!1,relative; content:"team4.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289271/; classtype:trojan-activity;sid:81152371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/2chfrom/0bsxpx1-14419271-13-xr35g7r2-tqugq5u7unb/"; http_uri; depth:65; isdataat:!1,relative; content:"shimadzu72.hoobool.co.kr"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289270/; classtype:trojan-activity;sid:81152370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289269/; classtype:trojan-activity;sid:81152369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.16.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289268/; classtype:trojan-activity;sid:81152368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289267/; classtype:trojan-activity;sid:81152367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289266/; classtype:trojan-activity;sid:81152366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.175.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289265/; classtype:trojan-activity;sid:81152365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.211.78.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289264/; classtype:trojan-activity;sid:81152364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.61.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289263/; classtype:trojan-activity;sid:81152363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.15.89.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289262/; classtype:trojan-activity;sid:81152362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289261/; classtype:trojan-activity;sid:81152361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/y15ffh5jq7b/6-13505-259249733-2nw1o50-ab86h8lv01n/"; http_uri; depth:60; isdataat:!1,relative; content:"t2.webtilia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289260/; classtype:trojan-activity;sid:81152360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/click/personal-resource/1685777817-rpooo2gmxqq0o-o5in2nnkfbeu-d56/c8isyg9tnqg-s5w6y2y/"; http_uri; depth:87; isdataat:!1,relative; content:"trekfocus.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289259/; classtype:trojan-activity;sid:81152359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubiks365kfjwe/attachments/9t7ma0w9/59-304762-522837957-wdjpaww8dza-akt7a9lbz/"; http_uri; depth:78; isdataat:!1,relative; content:"trienlamcongnghiep.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289258/; classtype:trojan-activity;sid:81152358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/available_zone/test_4548686160_xqgce1qxmukmcy/ovsg0fpa2_ojh07822ldst/"; http_uri; depth:79; isdataat:!1,relative; content:"sport.ose.co.tz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289257/; classtype:trojan-activity;sid:81152357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3742588/zgfmj5p/81w-30253617-7121-ps86ywwwjo-tk2z8nv/"; http_uri; depth:66; isdataat:!1,relative; content:"trafs.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289256/; classtype:trojan-activity;sid:81152356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/open_disk/special_space/asegpzfc_5innqa21l/"; http_uri; depth:53; isdataat:!1,relative; content:"pudehaichuang.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289255/; classtype:trojan-activity;sid:81152355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/public/vp7zqe/"; http_uri; depth:26; isdataat:!1,relative; content:"nofile.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289254/; classtype:trojan-activity;sid:81152354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dsdelyyk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289253/; classtype:trojan-activity;sid:81152353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aok/2198b4nwzru-f7vgidfg5ad6l-box/close-cloud/08910781831490-i1f0xvq5a2yc/"; http_uri; depth:75; isdataat:!1,relative; content:"veccino56.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289252/; classtype:trojan-activity;sid:81152352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/v3du780/swmj-71228-4240-kfqc5qn0eu-ey8i6cfk/"; http_uri; depth:63; isdataat:!1,relative; content:"www.dbecome.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289251/; classtype:trojan-activity;sid:81152351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/protected_array/ohlsomt_2n01k2qy_portal/bxjugdizp8_9t5vx4/"; http_uri; depth:68; isdataat:!1,relative; content:"webdev.howpl.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289250/; classtype:trojan-activity;sid:81152350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/attachments/v3avnqzj6/"; http_uri; depth:32; isdataat:!1,relative; content:"www.bluedream.al"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289249/; classtype:trojan-activity;sid:81152349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/home/closed_4alvmj_c9rucr1xvdnqk6/verified_warehouse/axuseqxxn_851x69766/"; http_uri; depth:74; isdataat:!1,relative; content:"www.atees.sg"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289248/; classtype:trojan-activity;sid:81152348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/etrac/"; http_uri; depth:19; isdataat:!1,relative; content:"snt-3.rubtsovsk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289247/; classtype:trojan-activity;sid:81152347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/business/reporting/as-775-0711502-d1drc3pxf-duow7xpfcf/"; http_uri; depth:56; isdataat:!1,relative; content:"unforum.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289246/; classtype:trojan-activity;sid:81152346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/docs/xwtb2cv/"; http_uri; depth:17; isdataat:!1,relative; content:"the-master.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289245/; classtype:trojan-activity;sid:81152345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/6q8s0-1010608-280596-zzcfl-lbmjeqqx81/"; http_uri; depth:54; isdataat:!1,relative; content:"rentacar.infosd.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289244/; classtype:trojan-activity;sid:81152344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/balance/k1lo5apgli/"; http_uri; depth:26; isdataat:!1,relative; content:"www.budmax.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289243/; classtype:trojan-activity;sid:81152343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/65499911_jbuuuk7qxqjs7x6_zone/verifiable_wauqqj9_jbix5mlq8/434738_6ty7ncvqsyorm/"; http_uri; depth:90; isdataat:!1,relative; content:"web.hfsistemas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289242/; classtype:trojan-activity;sid:81152342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/public/zo3n8ksv1/ia-546-0516-knga2wjs9i-1nlxz0xzhu5c/"; http_uri; depth:66; isdataat:!1,relative; content:"statutorycomp.co.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289241/; classtype:trojan-activity;sid:81152341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgialfa/parts_service/wzv4vc5tc/"; http_uri; depth:33; isdataat:!1,relative; content:"wow.funtasticdeal.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289240/; classtype:trojan-activity;sid:81152340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/closed-box/close-warehouse/290609535-8xgugv2fythc/"; http_uri; depth:63; isdataat:!1,relative; content:"ukiik.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289239/; classtype:trojan-activity;sid:81152339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/payment/7v3t3qiua/"; http_uri; depth:30; isdataat:!1,relative; content:"royalcloudsoftware.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289238/; classtype:trojan-activity;sid:81152338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/multifunctional_disk/external_87610770241_rnhhqrz7iy73/0tq_u2t5827tx9/"; http_uri; depth:80; isdataat:!1,relative; content:"www.mockupfree.ir"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289237/; classtype:trojan-activity;sid:81152337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/4427144/"; http_uri; depth:17; isdataat:!1,relative; content:"softlinke.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289236/; classtype:trojan-activity;sid:81152336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/statement/xdqa1p9tu/"; http_uri; depth:32; isdataat:!1,relative; content:"mymoments.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289235/; classtype:trojan-activity;sid:81152335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289234/; classtype:trojan-activity;sid:81152334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289233/; classtype:trojan-activity;sid:81152333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289232/; classtype:trojan-activity;sid:81152332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289231/; classtype:trojan-activity;sid:81152331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289230/; classtype:trojan-activity;sid:81152330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289229/; classtype:trojan-activity;sid:81152329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.248.104.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289228/; classtype:trojan-activity;sid:81152328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.57.119.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289227/; classtype:trojan-activity;sid:81152327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.96.105.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289226/; classtype:trojan-activity;sid:81152326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289225/; classtype:trojan-activity;sid:81152325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289224/; classtype:trojan-activity;sid:81152324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.145.2.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289223/; classtype:trojan-activity;sid:81152323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.77.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289222/; classtype:trojan-activity;sid:81152322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289221/; classtype:trojan-activity;sid:81152321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289220/; classtype:trojan-activity;sid:81152320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.175.249.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289219/; classtype:trojan-activity;sid:81152319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289218/; classtype:trojan-activity;sid:81152318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/balance/a-010-885710131-v5ycsw-17a8h/"; http_uri; depth:47; isdataat:!1,relative; content:"www.pulchritudinous.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289217/; classtype:trojan-activity;sid:81152317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/protected-array/special-space/6621349-8iyokdjfi/"; http_uri; depth:61; isdataat:!1,relative; content:"www.creativemind-me.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289216/; classtype:trojan-activity;sid:81152316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/protected-section/verifiable-warehouse/21312233980-xmvsii/"; http_uri; depth:68; isdataat:!1,relative; content:"www.huifande.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289215/; classtype:trojan-activity;sid:81152315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/9htxrzk-2361-22877-wa7chxruwce-q8ntg/"; http_uri; depth:52; isdataat:!1,relative; content:"www.green-diamond.ae"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289214/; classtype:trojan-activity;sid:81152314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/public/2j6a0k-968384929-9274598-6c0m48ln-qvu1sh055vt/"; http_uri; depth:64; isdataat:!1,relative; content:"www.fappictures.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289213/; classtype:trojan-activity;sid:81152313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/open_sector/open_profile/c9mykh_4fvgmkong/"; http_uri; depth:54; isdataat:!1,relative; content:"www.1v12.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289212/; classtype:trojan-activity;sid:81152312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/closed-box/verified-forum/wkbwfwxps87e-z8tt0sy/"; http_uri; depth:55; isdataat:!1,relative; content:"trusteam.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289211/; classtype:trojan-activity;sid:81152311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftm/0735126965/7mtu1x36/"; http_uri; depth:25; isdataat:!1,relative; content:"www.hacksandhazards.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289210/; classtype:trojan-activity;sid:81152310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/327505501-4zp687aspuix-array/test-np0i97wzdwi59r-fghoujnkv7d79/pdgzbf-b1ndhxlrcr42/"; http_uri; depth:95; isdataat:!1,relative; content:"willowgrovesupply.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289209/; classtype:trojan-activity;sid:81152309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/tfinfn5o972/r09bqju-044819-881-muozilh11-l0dvnf/"; http_uri; depth:63; isdataat:!1,relative; content:"www.new.autorich.in.ua"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_01_15; reference:url, urlhaus.abuse.ch/url/289208/; classtype:trojan-activity;sid:81152308; rev:1;) alert