################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2020-08-03 11:18:16 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423760)"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=045adcdfe91be4f5|7c|26|7c|resid=45adcdfe91be4f5%21318|7c|26|7c|authkey=aa6lutarluhyj48"; http_uri; depth:99; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423760/; classtype:trojan-activity;sid:81286860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423759)"; flow:established,from_client; content:"GET"; http_method; content:"/bi/xx.exe"; http_uri; depth:10; isdataat:!1,relative; content:"cloudmultiplefilesserviceintergatesese.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423759/; classtype:trojan-activity;sid:81286859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423758)"; flow:established,from_client; content:"GET"; http_method; content:"/bi/vbc.exe"; http_uri; depth:11; isdataat:!1,relative; content:"cloudmultiplefilesserviceintergatesese.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423758/; classtype:trojan-activity;sid:81286858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.4.156.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423757/; classtype:trojan-activity;sid:81286857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423756)"; flow:established,from_client; content:"GET"; http_method; content:"/chnsfrnd2/winlog.exe"; http_uri; depth:21; isdataat:!1,relative; content:"stdychinese2onlyywalkaloneinlifev14fas.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423756/; classtype:trojan-activity;sid:81286856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423753)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/equipx.exe"; http_uri; depth:18; isdataat:!1,relative; content:"abass.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423753/; classtype:trojan-activity;sid:81286853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.157.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423749/; classtype:trojan-activity;sid:81286849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.221.220.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423747/; classtype:trojan-activity;sid:81286847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423746/; classtype:trojan-activity;sid:81286846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.166.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423745/; classtype:trojan-activity;sid:81286845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"94.43.101.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423744/; classtype:trojan-activity;sid:81286844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423743/; classtype:trojan-activity;sid:81286843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423738)"; flow:established,from_client; content:"GET"; http_method; content:"/guestbook/mi/"; http_uri; depth:14; isdataat:!1,relative; content:"empmtg.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423738/; classtype:trojan-activity;sid:81286838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423737)"; flow:established,from_client; content:"GET"; http_method; content:"/a/owininilogs.txt"; http_uri; depth:18; isdataat:!1,relative; content:"mcmegypt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423737/; classtype:trojan-activity;sid:81286837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423736)"; flow:established,from_client; content:"GET"; http_method; content:"/app/air%20way%20bill.img"; http_uri; depth:25; isdataat:!1,relative; content:"tahiratelecom.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423736/; classtype:trojan-activity;sid:81286836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423735)"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=1a8da7f97afe2d65|7c|26|7c|resid=1a8da7f97afe2d65%21502|7c|26|7c|authkey=ae6cxahudldzfk4"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423735/; classtype:trojan-activity;sid:81286835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423733)"; flow:established,from_client; content:"GET"; http_method; content:"/frankx/frankfile.exe"; http_uri; depth:21; isdataat:!1,relative; content:"abass.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423733/; classtype:trojan-activity;sid:81286833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423732)"; flow:established,from_client; content:"GET"; http_method; content:"/office360/regasm.exe"; http_uri; depth:21; isdataat:!1,relative; content:"20greenkegheedahatakankeadeshnaastdyhma.duckdns.org"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423732/; classtype:trojan-activity;sid:81286832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423731)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.pl"; http_uri; depth:7; isdataat:!1,relative; content:"107.187.122.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423731/; classtype:trojan-activity;sid:81286831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423729)"; flow:established,from_client; content:"GET"; http_method; content:"/data/common_array/open_portal/e3ht3j78z33b8r_u02tsyttt242z/"; http_uri; depth:60; isdataat:!1,relative; content:"www.guteunterhaltung.de"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423729/; classtype:trojan-activity;sid:81286829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.226.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423728/; classtype:trojan-activity;sid:81286828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.31.0.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423727/; classtype:trojan-activity;sid:81286827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"140.240.111.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423725/; classtype:trojan-activity;sid:81286825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423723/; classtype:trojan-activity;sid:81286823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423722)"; flow:established,from_client; content:"GET"; http_method; content:"/journal/private-resource/interior-19886510396-hscfdjzqvym/fseq82-uu53xw/"; http_uri; depth:73; isdataat:!1,relative; content:"onex.co.za"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423722/; classtype:trojan-activity;sid:81286822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423707)"; flow:established,from_client; content:"GET"; http_method; content:"/fuze.sh"; http_uri; depth:8; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423707/; classtype:trojan-activity;sid:81286807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423706)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423706/; classtype:trojan-activity;sid:81286806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423705)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.arm4"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423705/; classtype:trojan-activity;sid:81286805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423704)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423704/; classtype:trojan-activity;sid:81286804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423703)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.i686"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423703/; classtype:trojan-activity;sid:81286803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423702)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.i586"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423702/; classtype:trojan-activity;sid:81286802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423701)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.mips"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423701/; classtype:trojan-activity;sid:81286801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423700)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.sparc"; http_uri; depth:16; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423700/; classtype:trojan-activity;sid:81286800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423699)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423699/; classtype:trojan-activity;sid:81286799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423698)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.x86"; http_uri; depth:14; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423698/; classtype:trojan-activity;sid:81286798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423697)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423697/; classtype:trojan-activity;sid:81286797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423696)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423696/; classtype:trojan-activity;sid:81286796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423695)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423695/; classtype:trojan-activity;sid:81286795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423694)"; flow:established,from_client; content:"GET"; http_method; content:"/f3dsg0tm3.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"79.124.78.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423694/; classtype:trojan-activity;sid:81286794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423693)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/xubvoifyz/"; http_uri; depth:23; isdataat:!1,relative; content:"www.kultfitness.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423693/; classtype:trojan-activity;sid:81286793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423692)"; flow:established,from_client; content:"GET"; http_method; content:"/update/rklrozq/"; http_uri; depth:16; isdataat:!1,relative; content:"meuambientedecoracoes.com.br"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423692/; classtype:trojan-activity;sid:81286792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423691)"; flow:established,from_client; content:"GET"; http_method; content:"/mail/oisg4e5m-28d-93696/"; http_uri; depth:25; isdataat:!1,relative; content:"mckinzielaw.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423691/; classtype:trojan-activity;sid:81286791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423690)"; flow:established,from_client; content:"GET"; http_method; content:"/wine/g0t-nf3j-2344/"; http_uri; depth:20; isdataat:!1,relative; content:"exeo.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423690/; classtype:trojan-activity;sid:81286790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423689)"; flow:established,from_client; content:"GET"; http_method; content:"/guestbook/4uq9-3ezaj-898425/"; http_uri; depth:29; isdataat:!1,relative; content:"empmtg.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423689/; classtype:trojan-activity;sid:81286789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423688)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/ciiolc/"; http_uri; depth:14; isdataat:!1,relative; content:"davidsgreen.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423688/; classtype:trojan-activity;sid:81286788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423687)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/9ahr-m3u8w-72576/"; http_uri; depth:24; isdataat:!1,relative; content:"dailynetworks.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423687/; classtype:trojan-activity;sid:81286787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423685)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/statement/"; http_uri; depth:19; isdataat:!1,relative; content:"msograteful.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423685/; classtype:trojan-activity;sid:81286785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|7c|3b|7c|chmod+777+mozi.a|7c|3b|7c|/tmp/mozi.a+jaws"; http_uri; depth:59; isdataat:!1,relative; content:"1.246.223.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423680/; classtype:trojan-activity;sid:81286780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423679)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423679/; classtype:trojan-activity;sid:81286779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423678)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423678/; classtype:trojan-activity;sid:81286778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423677)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423677/; classtype:trojan-activity;sid:81286777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423676)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423676/; classtype:trojan-activity;sid:81286776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423674)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i686"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423674/; classtype:trojan-activity;sid:81286774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423671)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sparc"; http_uri; depth:16; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423671/; classtype:trojan-activity;sid:81286771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423670)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423670/; classtype:trojan-activity;sid:81286770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423669)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423669/; classtype:trojan-activity;sid:81286769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423668)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423668/; classtype:trojan-activity;sid:81286768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423667)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423667/; classtype:trojan-activity;sid:81286767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423666)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423666/; classtype:trojan-activity;sid:81286766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423665)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423665/; classtype:trojan-activity;sid:81286765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423664)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/personal-resource/additional-forum/x7oitmxeue-k5fbl0ij2l4c/"; http_uri; depth:71; isdataat:!1,relative; content:"yourmoveproductions.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423664/; classtype:trojan-activity;sid:81286764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423659)"; flow:established,from_client; content:"GET"; http_method; content:"/tarifas/open_zone/interior_profile/goh2pzy8_766ws/"; http_uri; depth:51; isdataat:!1,relative; content:"peketoyas.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423659/; classtype:trojan-activity;sid:81286759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423657)"; flow:established,from_client; content:"GET"; http_method; content:"/download/common-section/close-s0ffq33o6u-h66l/euanoznkb1s-4ayfqdgq0jlp/"; http_uri; depth:72; isdataat:!1,relative; content:"orlandofilho.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423657/; classtype:trojan-activity;sid:81286757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423656)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/multifunctional-section/open-space/71797626-cixv52m8gu/"; http_uri; depth:62; isdataat:!1,relative; content:"markbess.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423656/; classtype:trojan-activity;sid:81286756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423654)"; flow:established,from_client; content:"GET"; http_method; content:"/js/multifunctional_section/close_forum/89ohgx_0v18u7/"; http_uri; depth:54; isdataat:!1,relative; content:"houseci.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423654/; classtype:trojan-activity;sid:81286754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423652)"; flow:established,from_client; content:"GET"; http_method; content:"/banner_tm/protected-resource/corporate-forum/moff6mnfkz0-ss825/"; http_uri; depth:64; isdataat:!1,relative; content:"guarany.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423652/; classtype:trojan-activity;sid:81286752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423651)"; flow:established,from_client; content:"GET"; http_method; content:"/tungtwistr/protected_section/lhln5w_qvuhobke_forum/juh_4vsz4y6u/"; http_uri; depth:65; isdataat:!1,relative; content:"devicesherpa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423651/; classtype:trojan-activity;sid:81286751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423649)"; flow:established,from_client; content:"GET"; http_method; content:"/site/protected_afcq880g7_8vnnmjyggjf4ci5i/guarded_uey62f6poqepzzr_6s0d9/l9c2t_416s2s9u9tsuy/"; http_uri; depth:93; isdataat:!1,relative; content:"atelierbrasilia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423649/; classtype:trojan-activity;sid:81286749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423648)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423648/; classtype:trojan-activity;sid:81286748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423647)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423647/; classtype:trojan-activity;sid:81286747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423644)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423644/; classtype:trojan-activity;sid:81286744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423642)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423642/; classtype:trojan-activity;sid:81286742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423641)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423641/; classtype:trojan-activity;sid:81286741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423640)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423640/; classtype:trojan-activity;sid:81286740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423639)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423639/; classtype:trojan-activity;sid:81286739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423638)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423638/; classtype:trojan-activity;sid:81286738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423637)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423637/; classtype:trojan-activity;sid:81286737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423636)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423636/; classtype:trojan-activity;sid:81286736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423635)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423635/; classtype:trojan-activity;sid:81286735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423634)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i586"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423634/; classtype:trojan-activity;sid:81286734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423633)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423633/; classtype:trojan-activity;sid:81286733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423631)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423631/; classtype:trojan-activity;sid:81286731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423629)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423629/; classtype:trojan-activity;sid:81286729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423627)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423627/; classtype:trojan-activity;sid:81286727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423624)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423624/; classtype:trojan-activity;sid:81286724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423623)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423623/; classtype:trojan-activity;sid:81286723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423621)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423621/; classtype:trojan-activity;sid:81286721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423620)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423620/; classtype:trojan-activity;sid:81286720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423619)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423619/; classtype:trojan-activity;sid:81286719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423618)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.x86"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423618/; classtype:trojan-activity;sid:81286718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423616)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm4"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423616/; classtype:trojan-activity;sid:81286716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"37.49.230.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423615/; classtype:trojan-activity;sid:81286715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423614)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"18.181.109.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423614/; classtype:trojan-activity;sid:81286714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423613)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.94.104.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423613/; classtype:trojan-activity;sid:81286713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423607/; classtype:trojan-activity;sid:81286707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423604)"; flow:established,from_client; content:"GET"; http_method; content:"/eksgbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.153.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423604/; classtype:trojan-activity;sid:81286704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423602)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"94.159.249.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423602/; classtype:trojan-activity;sid:81286702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.97.156.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423600/; classtype:trojan-activity;sid:81286700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423599/; classtype:trojan-activity;sid:81286699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.30.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423597/; classtype:trojan-activity;sid:81286697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.182.41.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423596/; classtype:trojan-activity;sid:81286696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423593)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm6"; http_uri; depth:36; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_03; reference:url, urlhaus.abuse.ch/url/423593/; classtype:trojan-activity;sid:81286693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423592)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mpsl"; http_uri; depth:36; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423592/; classtype:trojan-activity;sid:81286692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423591)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.sh4"; http_uri; depth:35; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423591/; classtype:trojan-activity;sid:81286691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.82.74.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423590/; classtype:trojan-activity;sid:81286690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423589)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.m68k"; http_uri; depth:36; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423589/; classtype:trojan-activity;sid:81286689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423588)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm5"; http_uri; depth:36; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423588/; classtype:trojan-activity;sid:81286688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423587)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mips"; http_uri; depth:36; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423587/; classtype:trojan-activity;sid:81286687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423586)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.spc"; http_uri; depth:35; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423586/; classtype:trojan-activity;sid:81286686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423585)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm"; http_uri; depth:35; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423585/; classtype:trojan-activity;sid:81286685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423584)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.ppc"; http_uri; depth:35; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423584/; classtype:trojan-activity;sid:81286684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423583)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.x86"; http_uri; depth:35; isdataat:!1,relative; content:"185.172.110.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423583/; classtype:trojan-activity;sid:81286683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423582)"; flow:established,from_client; content:"GET"; http_method; content:"/21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.mips"; http_uri; depth:69; isdataat:!1,relative; content:"5.135.211.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423582/; classtype:trojan-activity;sid:81286682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.52.71.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423581/; classtype:trojan-activity;sid:81286681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423580/; classtype:trojan-activity;sid:81286680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423579/; classtype:trojan-activity;sid:81286679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423578/; classtype:trojan-activity;sid:81286678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423577/; classtype:trojan-activity;sid:81286677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm"; http_uri; depth:14; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423576/; classtype:trojan-activity;sid:81286676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423575/; classtype:trojan-activity;sid:81286675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423574/; classtype:trojan-activity;sid:81286674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423573/; classtype:trojan-activity;sid:81286673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.x86"; http_uri; depth:14; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423572/; classtype:trojan-activity;sid:81286672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.mips"; http_uri; depth:15; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423571/; classtype:trojan-activity;sid:81286671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"165.22.57.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423570/; classtype:trojan-activity;sid:81286670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423569/; classtype:trojan-activity;sid:81286669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423568/; classtype:trojan-activity;sid:81286668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423567/; classtype:trojan-activity;sid:81286667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423566/; classtype:trojan-activity;sid:81286666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423565/; classtype:trojan-activity;sid:81286665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423564/; classtype:trojan-activity;sid:81286664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"165.22.57.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423563/; classtype:trojan-activity;sid:81286663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"165.22.57.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423562/; classtype:trojan-activity;sid:81286662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"165.22.57.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423561/; classtype:trojan-activity;sid:81286661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"165.22.57.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423560/; classtype:trojan-activity;sid:81286660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"165.22.57.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423559/; classtype:trojan-activity;sid:81286659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"165.22.57.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423558/; classtype:trojan-activity;sid:81286658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"122.241.156.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423557/; classtype:trojan-activity;sid:81286657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423556)"; flow:established,from_client; content:"GET"; http_method; content:"/netlab360.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423556/; classtype:trojan-activity;sid:81286656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423555)"; flow:established,from_client; content:"GET"; http_method; content:"/netlab360.mips"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423555/; classtype:trojan-activity;sid:81286655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.5.30.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423554/; classtype:trojan-activity;sid:81286654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423553/; classtype:trojan-activity;sid:81286653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.222.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423552/; classtype:trojan-activity;sid:81286652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.121.37.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423551/; classtype:trojan-activity;sid:81286651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.61.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423550/; classtype:trojan-activity;sid:81286650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.34.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423549/; classtype:trojan-activity;sid:81286649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423548)"; flow:established,from_client; content:"GET"; http_method; content:"/netlab360.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423548/; classtype:trojan-activity;sid:81286648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423547)"; flow:established,from_client; content:"GET"; http_method; content:"/netlab360.arm"; http_uri; depth:14; isdataat:!1,relative; content:"194.15.36.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423547/; classtype:trojan-activity;sid:81286647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423546)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.130.64.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423546/; classtype:trojan-activity;sid:81286646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.6.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423545/; classtype:trojan-activity;sid:81286645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.32.203.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423544/; classtype:trojan-activity;sid:81286644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.21.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423543/; classtype:trojan-activity;sid:81286643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.230.24.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423542/; classtype:trojan-activity;sid:81286642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.156.95.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423541/; classtype:trojan-activity;sid:81286641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.35.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423540/; classtype:trojan-activity;sid:81286640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423539/; classtype:trojan-activity;sid:81286639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423538/; classtype:trojan-activity;sid:81286638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"49.65.72.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423537/; classtype:trojan-activity;sid:81286637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.233.88.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423536/; classtype:trojan-activity;sid:81286636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423535)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; content:"159.65.84.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423535/; classtype:trojan-activity;sid:81286635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423534)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.59.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423534/; classtype:trojan-activity;sid:81286634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423533)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"122.117.13.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423533/; classtype:trojan-activity;sid:81286633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423532)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423532/; classtype:trojan-activity;sid:81286632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423531)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423531/; classtype:trojan-activity;sid:81286631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423530)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423530/; classtype:trojan-activity;sid:81286630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423529)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423529/; classtype:trojan-activity;sid:81286629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423528)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423528/; classtype:trojan-activity;sid:81286628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423527)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423527/; classtype:trojan-activity;sid:81286627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423526)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423526/; classtype:trojan-activity;sid:81286626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423525)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423525/; classtype:trojan-activity;sid:81286625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423524)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423524/; classtype:trojan-activity;sid:81286624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423523)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423523/; classtype:trojan-activity;sid:81286623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423522/; classtype:trojan-activity;sid:81286622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"5.152.0.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423521/; classtype:trojan-activity;sid:81286621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.43.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423520/; classtype:trojan-activity;sid:81286620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423519/; classtype:trojan-activity;sid:81286619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423518)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoul.sh"; http_uri; depth:9; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423518/; classtype:trojan-activity;sid:81286618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423517)"; flow:established,from_client; content:"GET"; http_method; content:"/3307"; http_uri; depth:5; isdataat:!1,relative; content:"98.159.110.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423517/; classtype:trojan-activity;sid:81286617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423516)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"104.237.255.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423516/; classtype:trojan-activity;sid:81286616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423515/; classtype:trojan-activity;sid:81286615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423514/; classtype:trojan-activity;sid:81286614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423513/; classtype:trojan-activity;sid:81286613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423512/; classtype:trojan-activity;sid:81286612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423511/; classtype:trojan-activity;sid:81286611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.x86"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423510/; classtype:trojan-activity;sid:81286610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423509/; classtype:trojan-activity;sid:81286609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423508/; classtype:trojan-activity;sid:81286608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.mips"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423507/; classtype:trojan-activity;sid:81286607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ares.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423506/; classtype:trojan-activity;sid:81286606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423505)"; flow:established,from_client; content:"GET"; http_method; content:"/test.doc"; http_uri; depth:9; isdataat:!1,relative; content:"40.125.65.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423505/; classtype:trojan-activity;sid:81286605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423504)"; flow:established,from_client; content:"GET"; http_method; content:"/orcus.exe"; http_uri; depth:10; isdataat:!1,relative; content:"40.125.65.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423504/; classtype:trojan-activity;sid:81286604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423503)"; flow:established,from_client; content:"GET"; http_method; content:"/leads.exe"; http_uri; depth:10; isdataat:!1,relative; content:"40.125.65.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423503/; classtype:trojan-activity;sid:81286603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423502)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"128.201.54.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423502/; classtype:trojan-activity;sid:81286602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423501)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.157.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423501/; classtype:trojan-activity;sid:81286601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.153.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423500/; classtype:trojan-activity;sid:81286600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.236.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423499/; classtype:trojan-activity;sid:81286599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.0.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423498/; classtype:trojan-activity;sid:81286598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.32.71.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423497/; classtype:trojan-activity;sid:81286597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"92.54.237.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423496/; classtype:trojan-activity;sid:81286596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423495/; classtype:trojan-activity;sid:81286595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423494)"; flow:established,from_client; content:"GET"; http_method; content:"/2013xmas/protected_section/special_8ibnmrpd_wvjx9sgyrlf8ax/ixfk8ymgeai_u3gbvjo1le8gs/"; http_uri; depth:86; isdataat:!1,relative; content:"www.lexmausa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423494/; classtype:trojan-activity;sid:81286594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423493)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"116.88.65.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423493/; classtype:trojan-activity;sid:81286593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423492)"; flow:established,from_client; content:"GET"; http_method; content:"/ikfftie/kjknhfopl.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.irregnancised.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423492/; classtype:trojan-activity;sid:81286592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423491)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.spc"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423491/; classtype:trojan-activity;sid:81286591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423490)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423490/; classtype:trojan-activity;sid:81286590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423489)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423489/; classtype:trojan-activity;sid:81286589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423488)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.mips"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423488/; classtype:trojan-activity;sid:81286588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423487)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423487/; classtype:trojan-activity;sid:81286587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423486)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423486/; classtype:trojan-activity;sid:81286586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423485)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423485/; classtype:trojan-activity;sid:81286585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423484)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423484/; classtype:trojan-activity;sid:81286584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423483)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423483/; classtype:trojan-activity;sid:81286583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423482)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423482/; classtype:trojan-activity;sid:81286582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423481)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/mikex.exe"; http_uri; depth:17; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423481/; classtype:trojan-activity;sid:81286581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423480)"; flow:established,from_client; content:"GET"; http_method; content:"/softdownload/fraps_ru.exe"; http_uri; depth:26; isdataat:!1,relative; content:"169215.selcdn.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423480/; classtype:trojan-activity;sid:81286580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.25.228.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423479/; classtype:trojan-activity;sid:81286579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.76.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423478/; classtype:trojan-activity;sid:81286578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.221.206.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423477/; classtype:trojan-activity;sid:81286577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.221.242.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423476/; classtype:trojan-activity;sid:81286576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423475/; classtype:trojan-activity;sid:81286575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423474)"; flow:established,from_client; content:"GET"; http_method; content:"/province_demo2020sum/multi%20theft%20auto.exe"; http_uri; depth:46; isdataat:!1,relative; content:"updates.gtaprovince.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423474/; classtype:trojan-activity;sid:81286574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423473)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"186.206.238.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423473/; classtype:trojan-activity;sid:81286573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423472)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423472/; classtype:trojan-activity;sid:81286572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423471)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423471/; classtype:trojan-activity;sid:81286571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423470)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423470/; classtype:trojan-activity;sid:81286570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423469)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423469/; classtype:trojan-activity;sid:81286569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423468)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423468/; classtype:trojan-activity;sid:81286568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423467)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423467/; classtype:trojan-activity;sid:81286567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423466)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423466/; classtype:trojan-activity;sid:81286566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423465)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423465/; classtype:trojan-activity;sid:81286565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423464)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423464/; classtype:trojan-activity;sid:81286564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423463)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423463/; classtype:trojan-activity;sid:81286563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423462)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423462/; classtype:trojan-activity;sid:81286562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423461)"; flow:established,from_client; content:"GET"; http_method; content:"//wp-includes/widgets/0089vi4tc0at04087yt74.zip"; http_uri; depth:47; isdataat:!1,relative; content:"xuko.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423461/; classtype:trojan-activity;sid:81286561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423460)"; flow:established,from_client; content:"GET"; http_method; content:"/file/cliente=vsmithfulcher@prepaidlegal.com"; http_uri; depth:44; isdataat:!1,relative; content:"52.175.150.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423460/; classtype:trojan-activity;sid:81286560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423459)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423459/; classtype:trojan-activity;sid:81286559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423458)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.33.233.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423458/; classtype:trojan-activity;sid:81286558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423457)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoul.sh"; http_uri; depth:9; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423457/; classtype:trojan-activity;sid:81286557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423456)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423456/; classtype:trojan-activity;sid:81286556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423455)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.mips"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423455/; classtype:trojan-activity;sid:81286555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423454)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.spc"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423454/; classtype:trojan-activity;sid:81286554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423453)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423453/; classtype:trojan-activity;sid:81286553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423452)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423452/; classtype:trojan-activity;sid:81286552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423451)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423451/; classtype:trojan-activity;sid:81286551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423450)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423450/; classtype:trojan-activity;sid:81286550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423449)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.17.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423449/; classtype:trojan-activity;sid:81286549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423448)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423448/; classtype:trojan-activity;sid:81286548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423447)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423447/; classtype:trojan-activity;sid:81286547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423446)"; flow:established,from_client; content:"GET"; http_method; content:"/ci2.sh"; http_uri; depth:7; isdataat:!1,relative; content:"185.178.45.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423446/; classtype:trojan-activity;sid:81286546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423445)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.x86"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423445/; classtype:trojan-activity;sid:81286545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423444)"; flow:established,from_client; content:"GET"; http_method; content:"/kingx/africax.exe"; http_uri; depth:18; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423444/; classtype:trojan-activity;sid:81286544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423443)"; flow:established,from_client; content:"GET"; http_method; content:"/ci3.sh"; http_uri; depth:7; isdataat:!1,relative; content:"185.178.45.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423443/; classtype:trojan-activity;sid:81286543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423442)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn/klli"; http_uri; depth:9; isdataat:!1,relative; content:"359328.selcdn.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423442/; classtype:trojan-activity;sid:81286542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423441)"; flow:established,from_client; content:"GET"; http_method; content:"/fetch.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"79.124.8.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423441/; classtype:trojan-activity;sid:81286541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423440)"; flow:established,from_client; content:"GET"; http_method; content:"/fetch.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"79.124.8.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423440/; classtype:trojan-activity;sid:81286540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.134.185.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423439/; classtype:trojan-activity;sid:81286539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.173.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423438/; classtype:trojan-activity;sid:81286538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.230.205.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423437/; classtype:trojan-activity;sid:81286537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.90.67.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423436/; classtype:trojan-activity;sid:81286536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.206.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423435/; classtype:trojan-activity;sid:81286535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423434)"; flow:established,from_client; content:"GET"; http_method; content:"/fetch.arm"; http_uri; depth:10; isdataat:!1,relative; content:"79.124.8.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423434/; classtype:trojan-activity;sid:81286534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423433)"; flow:established,from_client; content:"GET"; http_method; content:"/3307"; http_uri; depth:5; isdataat:!1,relative; content:"98.159.99.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423433/; classtype:trojan-activity;sid:81286533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423432)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/personal_resource/test_portal/0837763707068_mpop1s/"; http_uri; depth:68; isdataat:!1,relative; content:"ritter.ws"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423432/; classtype:trojan-activity;sid:81286532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423431)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.x86"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.10.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423431/; classtype:trojan-activity;sid:81286531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423430)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"123.194.187.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423430/; classtype:trojan-activity;sid:81286530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423429/; classtype:trojan-activity;sid:81286529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423428)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9dss"; http_uri; depth:7; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423428/; classtype:trojan-activity;sid:81286528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423427)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9x86"; http_uri; depth:7; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423427/; classtype:trojan-activity;sid:81286527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423426)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.kaiten"; http_uri; depth:15; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423426/; classtype:trojan-activity;sid:81286526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423425)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423425/; classtype:trojan-activity;sid:81286525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423424)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.kaiten"; http_uri; depth:15; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423424/; classtype:trojan-activity;sid:81286524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423423)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9m68k"; http_uri; depth:8; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423423/; classtype:trojan-activity;sid:81286523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423422)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423422/; classtype:trojan-activity;sid:81286522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423421)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.kaiten"; http_uri; depth:15; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423421/; classtype:trojan-activity;sid:81286521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423420/; classtype:trojan-activity;sid:81286520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423419)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9ppc"; http_uri; depth:7; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423419/; classtype:trojan-activity;sid:81286519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423418)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.kaiten"; http_uri; depth:14; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423418/; classtype:trojan-activity;sid:81286518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423417)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9i686"; http_uri; depth:8; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423417/; classtype:trojan-activity;sid:81286517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423416/; classtype:trojan-activity;sid:81286516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423415)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423415/; classtype:trojan-activity;sid:81286515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423414/; classtype:trojan-activity;sid:81286514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423413)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.kaiten"; http_uri; depth:15; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423413/; classtype:trojan-activity;sid:81286513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423412)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423412/; classtype:trojan-activity;sid:81286512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423411)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423411/; classtype:trojan-activity;sid:81286511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423410)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.kaiten"; http_uri; depth:14; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423410/; classtype:trojan-activity;sid:81286510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423409/; classtype:trojan-activity;sid:81286509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423408)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423408/; classtype:trojan-activity;sid:81286508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423407)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423407/; classtype:trojan-activity;sid:81286507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423406/; classtype:trojan-activity;sid:81286506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423405)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.kaiten"; http_uri; depth:14; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423405/; classtype:trojan-activity;sid:81286505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423404)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423404/; classtype:trojan-activity;sid:81286504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423403)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9arm6"; http_uri; depth:8; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423403/; classtype:trojan-activity;sid:81286503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423402)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.kaiten"; http_uri; depth:14; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423402/; classtype:trojan-activity;sid:81286502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423401)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9sh4"; http_uri; depth:7; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423401/; classtype:trojan-activity;sid:81286501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423400)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm7"; http_uri; depth:28; isdataat:!1,relative; content:"167.99.94.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423400/; classtype:trojan-activity;sid:81286500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423399/; classtype:trojan-activity;sid:81286499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423398)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arc"; http_uri; depth:27; isdataat:!1,relative; content:"167.99.94.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423398/; classtype:trojan-activity;sid:81286498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423397)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.kaiten"; http_uri; depth:15; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423397/; classtype:trojan-activity;sid:81286497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423396/; classtype:trojan-activity;sid:81286496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423395)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm"; http_uri; depth:27; isdataat:!1,relative; content:"167.99.94.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423395/; classtype:trojan-activity;sid:81286495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423394)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9mpsl"; http_uri; depth:8; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423394/; classtype:trojan-activity;sid:81286494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423393)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423393/; classtype:trojan-activity;sid:81286493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423392)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9adc"; http_uri; depth:7; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423392/; classtype:trojan-activity;sid:81286492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423391)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.kaiten"; http_uri; depth:15; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423391/; classtype:trojan-activity;sid:81286491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423390)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423390/; classtype:trojan-activity;sid:81286490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423389)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9mips"; http_uri; depth:8; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423389/; classtype:trojan-activity;sid:81286489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423388)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9i586"; http_uri; depth:8; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423388/; classtype:trojan-activity;sid:81286488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423387)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.kaiten"; http_uri; depth:15; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423387/; classtype:trojan-activity;sid:81286487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423386)"; flow:established,from_client; content:"GET"; http_method; content:"/snoopy.sh"; http_uri; depth:10; isdataat:!1,relative; content:"107.175.194.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423386/; classtype:trojan-activity;sid:81286486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423385)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9cco"; http_uri; depth:7; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423385/; classtype:trojan-activity;sid:81286485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423384/; classtype:trojan-activity;sid:81286484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423383)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.spc"; http_uri; depth:27; isdataat:!1,relative; content:"167.99.94.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423383/; classtype:trojan-activity;sid:81286483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423382/; classtype:trojan-activity;sid:81286482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423381)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.ppc"; http_uri; depth:27; isdataat:!1,relative; content:"167.99.94.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423381/; classtype:trojan-activity;sid:81286481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423380/; classtype:trojan-activity;sid:81286480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423379)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423379/; classtype:trojan-activity;sid:81286479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423378)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; content:"scan.aykashi.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423378/; classtype:trojan-activity;sid:81286478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"45.84.196.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423377/; classtype:trojan-activity;sid:81286477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423376)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoul.sh"; http_uri; depth:9; isdataat:!1,relative; content:"88.218.16.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423376/; classtype:trojan-activity;sid:81286476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423375)"; flow:established,from_client; content:"GET"; http_method; content:"/zeros6x.sh"; http_uri; depth:11; isdataat:!1,relative; content:"167.99.94.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423375/; classtype:trojan-activity;sid:81286475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423374)"; flow:established,from_client; content:"GET"; http_method; content:"/explorersetup-4835.exe"; http_uri; depth:23; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423374/; classtype:trojan-activity;sid:81286474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423373)"; flow:established,from_client; content:"GET"; http_method; content:"/kingx/turkguyz.exe"; http_uri; depth:19; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423373/; classtype:trojan-activity;sid:81286473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423372)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/datwenty.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423372/; classtype:trojan-activity;sid:81286472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423371)"; flow:established,from_client; content:"GET"; http_method; content:"/nwamax/nwamaz.exe"; http_uri; depth:18; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423371/; classtype:trojan-activity;sid:81286471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423370)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/babyserver.exe"; http_uri; depth:22; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423370/; classtype:trojan-activity;sid:81286470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423369)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/danighten.exe"; http_uri; depth:21; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423369/; classtype:trojan-activity;sid:81286469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423368)"; flow:established,from_client; content:"GET"; http_method; content:"/arinzex/arinzex.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423368/; classtype:trojan-activity;sid:81286468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423367)"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/explorersetup-4845.exe"; http_uri; depth:31; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423367/; classtype:trojan-activity;sid:81286467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423366)"; flow:established,from_client; content:"GET"; http_method; content:"/explorersetup-4806.exe"; http_uri; depth:23; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423366/; classtype:trojan-activity;sid:81286466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423365)"; flow:established,from_client; content:"GET"; http_method; content:"/josh/josh.exe"; http_uri; depth:14; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423365/; classtype:trojan-activity;sid:81286465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423364)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/bobbyx.exe"; http_uri; depth:18; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423364/; classtype:trojan-activity;sid:81286464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423363)"; flow:established,from_client; content:"GET"; http_method; content:"/mazx/mazx.exe"; http_uri; depth:14; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423363/; classtype:trojan-activity;sid:81286463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.185.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423362/; classtype:trojan-activity;sid:81286462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.155.48.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423361/; classtype:trojan-activity;sid:81286461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"62.122.195.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423360/; classtype:trojan-activity;sid:81286460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423359)"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/explorersetup-4831.exe"; http_uri; depth:31; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423359/; classtype:trojan-activity;sid:81286459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423358)"; flow:established,from_client; content:"GET"; http_method; content:"/mazx/tsbuildtwo.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423358/; classtype:trojan-activity;sid:81286458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423357)"; flow:established,from_client; content:"GET"; http_method; content:"/templx/cripterfiletman.exe"; http_uri; depth:27; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423357/; classtype:trojan-activity;sid:81286457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423356)"; flow:established,from_client; content:"GET"; http_method; content:"/mullarx/mullarx.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423356/; classtype:trojan-activity;sid:81286456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423355)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthx/wilbur.exe"; http_uri; depth:19; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423355/; classtype:trojan-activity;sid:81286455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423354)"; flow:established,from_client; content:"GET"; http_method; content:"/mazx/tserver.exe"; http_uri; depth:17; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423354/; classtype:trojan-activity;sid:81286454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423353)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthx/bensway.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423353/; classtype:trojan-activity;sid:81286453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423352)"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/explorersetup-4835.exe"; http_uri; depth:31; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423352/; classtype:trojan-activity;sid:81286452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423351)"; flow:established,from_client; content:"GET"; http_method; content:"/ashleyx/ashleyz.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423351/; classtype:trojan-activity;sid:81286451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423350)"; flow:established,from_client; content:"GET"; http_method; content:"/mazx/tsbuild.exe"; http_uri; depth:17; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423350/; classtype:trojan-activity;sid:81286450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423349)"; flow:established,from_client; content:"GET"; http_method; content:"/izux/izux.exe"; http_uri; depth:14; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423349/; classtype:trojan-activity;sid:81286449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423348)"; flow:established,from_client; content:"GET"; http_method; content:"/sabix/sabix.exe"; http_uri; depth:16; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423348/; classtype:trojan-activity;sid:81286448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423347)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthx/benzway.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423347/; classtype:trojan-activity;sid:81286447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423346)"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/explorersetup-4830.exe"; http_uri; depth:31; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423346/; classtype:trojan-activity;sid:81286446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423345)"; flow:established,from_client; content:"GET"; http_method; content:"/nwamax/nwamaxz.exe"; http_uri; depth:19; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423345/; classtype:trojan-activity;sid:81286445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423344)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/uuuu.exe"; http_uri; depth:16; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423344/; classtype:trojan-activity;sid:81286444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423343)"; flow:established,from_client; content:"GET"; http_method; content:"/ashleyx/ashleyx.exe"; http_uri; depth:20; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423343/; classtype:trojan-activity;sid:81286443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423342)"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/explorersetup-4806.exe"; http_uri; depth:31; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423342/; classtype:trojan-activity;sid:81286442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423341)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthx/steph.exe"; http_uri; depth:18; isdataat:!1,relative; content:"admindepartment.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423341/; classtype:trojan-activity;sid:81286441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423340)"; flow:established,from_client; content:"GET"; http_method; content:"/izux/izuxz.exe"; http_uri; depth:15; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423340/; classtype:trojan-activity;sid:81286440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423339)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbyx/daninetee.exe"; http_uri; depth:21; isdataat:!1,relative; content:"admaris.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423339/; classtype:trojan-activity;sid:81286439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423338)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423338/; classtype:trojan-activity;sid:81286438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423337)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423337/; classtype:trojan-activity;sid:81286437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423336)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423336/; classtype:trojan-activity;sid:81286436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423335)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423335/; classtype:trojan-activity;sid:81286435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423334)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423334/; classtype:trojan-activity;sid:81286434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423333)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423333/; classtype:trojan-activity;sid:81286433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423332)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423332/; classtype:trojan-activity;sid:81286432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423331)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423331/; classtype:trojan-activity;sid:81286431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423330)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423330/; classtype:trojan-activity;sid:81286430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423329)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423329/; classtype:trojan-activity;sid:81286429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423328)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423328/; classtype:trojan-activity;sid:81286428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423327)"; flow:established,from_client; content:"GET"; http_method; content:"/yoyobins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423327/; classtype:trojan-activity;sid:81286427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423326)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"161.35.17.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423326/; classtype:trojan-activity;sid:81286426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423325)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423325/; classtype:trojan-activity;sid:81286425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423324)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423324/; classtype:trojan-activity;sid:81286424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423323)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.spc"; http_uri; depth:12; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423323/; classtype:trojan-activity;sid:81286423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423322)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423322/; classtype:trojan-activity;sid:81286422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423321)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.arm"; http_uri; depth:12; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423321/; classtype:trojan-activity;sid:81286421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423320)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423320/; classtype:trojan-activity;sid:81286420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423319)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423319/; classtype:trojan-activity;sid:81286419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423318)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423318/; classtype:trojan-activity;sid:81286418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423317)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.mips"; http_uri; depth:13; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423317/; classtype:trojan-activity;sid:81286417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423316)"; flow:established,from_client; content:"GET"; http_method; content:"/kiganet.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"93.157.62.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423316/; classtype:trojan-activity;sid:81286416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423315)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.93.202.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423315/; classtype:trojan-activity;sid:81286415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423314)"; flow:established,from_client; content:"GET"; http_method; content:"/upgrade/explorersetup-4807.exe"; http_uri; depth:31; isdataat:!1,relative; content:"down.shatangmu.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423314/; classtype:trojan-activity;sid:81286414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.45.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423313/; classtype:trojan-activity;sid:81286413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.230.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423312/; classtype:trojan-activity;sid:81286412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423311/; classtype:trojan-activity;sid:81286411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.52.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423310/; classtype:trojan-activity;sid:81286410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"77.43.128.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423309/; classtype:trojan-activity;sid:81286409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423308/; classtype:trojan-activity;sid:81286408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.140.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423307/; classtype:trojan-activity;sid:81286407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423306/; classtype:trojan-activity;sid:81286406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.124.146.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423305/; classtype:trojan-activity;sid:81286405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_02; reference:url, urlhaus.abuse.ch/url/423304/; classtype:trojan-activity;sid:81286404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"118.233.221.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423303/; classtype:trojan-activity;sid:81286403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423302)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423302/; classtype:trojan-activity;sid:81286402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423301)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423301/; classtype:trojan-activity;sid:81286401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423300)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.arm"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423300/; classtype:trojan-activity;sid:81286400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423299)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423299/; classtype:trojan-activity;sid:81286399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423298)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423298/; classtype:trojan-activity;sid:81286398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423297)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.mips"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423297/; classtype:trojan-activity;sid:81286397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423296)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423296/; classtype:trojan-activity;sid:81286396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423295)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423295/; classtype:trojan-activity;sid:81286395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423294)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.spc"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423294/; classtype:trojan-activity;sid:81286394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423293)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423293/; classtype:trojan-activity;sid:81286393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423292)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/kiganet.arm6"; http_uri; depth:57; isdataat:!1,relative; content:"xpodip.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423292/; classtype:trojan-activity;sid:81286392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423291)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/kiganet.mpsl"; http_uri; depth:57; isdataat:!1,relative; content:"xpodip.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423291/; classtype:trojan-activity;sid:81286391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423290)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/kiganet.sh4"; http_uri; depth:56; isdataat:!1,relative; content:"xpodip.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423290/; classtype:trojan-activity;sid:81286390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423289)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/kiganet.arm"; http_uri; depth:56; isdataat:!1,relative; content:"xpodip.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423289/; classtype:trojan-activity;sid:81286389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423288)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna/cloud.x86"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423288/; classtype:trojan-activity;sid:81286388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423287/; classtype:trojan-activity;sid:81286387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.52.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423286/; classtype:trojan-activity;sid:81286386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.85.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423285/; classtype:trojan-activity;sid:81286385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.201.34.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423284/; classtype:trojan-activity;sid:81286384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"62.118.131.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423283/; classtype:trojan-activity;sid:81286383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423282)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.133.30.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423282/; classtype:trojan-activity;sid:81286382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.134.185.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423281/; classtype:trojan-activity;sid:81286381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.72.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423280/; classtype:trojan-activity;sid:81286380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.112.184.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423279/; classtype:trojan-activity;sid:81286379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.31.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423278/; classtype:trojan-activity;sid:81286378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.81.18.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423277/; classtype:trojan-activity;sid:81286377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.35.160.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423276/; classtype:trojan-activity;sid:81286376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423275)"; flow:established,from_client; content:"GET"; http_method; content:"/bb/vbc.exe"; http_uri; depth:11; isdataat:!1,relative; content:"multiplecloudserviceforfileintergrate.duckdns.org"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423275/; classtype:trojan-activity;sid:81286375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423274)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/invoice_114122100.doc"; http_uri; depth:30; isdataat:!1,relative; content:"multiplecloudserviceforfileintergrate.duckdns.org"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423274/; classtype:trojan-activity;sid:81286374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423273)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/vbc.exe"; http_uri; depth:16; isdataat:!1,relative; content:"multiplecloudserviceforfileintergrate.duckdns.org"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423273/; classtype:trojan-activity;sid:81286373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423272)"; flow:established,from_client; content:"GET"; http_method; content:"/stableisbest/savanne.sh4"; http_uri; depth:25; isdataat:!1,relative; content:"37.49.224.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423272/; classtype:trojan-activity;sid:81286372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423271)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"69.75.227.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423271/; classtype:trojan-activity;sid:81286371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423270)"; flow:established,from_client; content:"GET"; http_method; content:"/paradisesuiting.com/common_module/security_warehouse/5s4xug7wnbvqj_026255x/"; http_uri; depth:76; isdataat:!1,relative; content:"pacificgroup.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423270/; classtype:trojan-activity;sid:81286370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423269)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ogfv5_4_x2l/."; http_uri; depth:23; isdataat:!1,relative; content:"bodbderg.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423269/; classtype:trojan-activity;sid:81286369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.26.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423268/; classtype:trojan-activity;sid:81286368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"41.86.21.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423267/; classtype:trojan-activity;sid:81286367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423266/; classtype:trojan-activity;sid:81286366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.108.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423265/; classtype:trojan-activity;sid:81286365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.14.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423264/; classtype:trojan-activity;sid:81286364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.85.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423263/; classtype:trojan-activity;sid:81286363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.15.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423262/; classtype:trojan-activity;sid:81286362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.58.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423261/; classtype:trojan-activity;sid:81286361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423260)"; flow:established,from_client; content:"GET"; http_method; content:"/23"; http_uri; depth:3; isdataat:!1,relative; content:"98.159.110.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423260/; classtype:trojan-activity;sid:81286360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423259)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/chqe3zqa"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423259/; classtype:trojan-activity;sid:81286359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"80.183.16.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423258/; classtype:trojan-activity;sid:81286358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423257/; classtype:trojan-activity;sid:81286357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423256)"; flow:established,from_client; content:"GET"; http_method; content:"/sitepppp/available-section/verified-17884081868-yojmic/qsdbfmqig2k-vqw5l32k/"; http_uri; depth:77; isdataat:!1,relative; content:"pattyprado.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423256/; classtype:trojan-activity;sid:81286356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423255)"; flow:established,from_client; content:"GET"; http_method; content:"/out.exe"; http_uri; depth:8; isdataat:!1,relative; content:"hinessite.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423255/; classtype:trojan-activity;sid:81286355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.spc"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423254/; classtype:trojan-activity;sid:81286354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423253)"; flow:established,from_client; content:"GET"; http_method; content:"/netlab360.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"45.143.223.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423253/; classtype:trojan-activity;sid:81286353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423252)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423252/; classtype:trojan-activity;sid:81286352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423251)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423251/; classtype:trojan-activity;sid:81286351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423250)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"88.99.123.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423250/; classtype:trojan-activity;sid:81286350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423249)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423249/; classtype:trojan-activity;sid:81286349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423248)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.google"; http_uri; depth:14; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423248/; classtype:trojan-activity;sid:81286348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423247)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423247/; classtype:trojan-activity;sid:81286347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.spc"; http_uri; depth:15; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423246/; classtype:trojan-activity;sid:81286346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423245)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.powerpc"; http_uri; depth:15; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423245/; classtype:trojan-activity;sid:81286345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423244)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423244/; classtype:trojan-activity;sid:81286344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423243)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.google"; http_uri; depth:14; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423243/; classtype:trojan-activity;sid:81286343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423242)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.armv5"; http_uri; depth:13; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423242/; classtype:trojan-activity;sid:81286342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423241)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.m86k"; http_uri; depth:12; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423241/; classtype:trojan-activity;sid:81286341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423240)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423240/; classtype:trojan-activity;sid:81286340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423239)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423239/; classtype:trojan-activity;sid:81286339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423238)"; flow:established,from_client; content:"GET"; http_method; content:"/netlab360.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"45.143.223.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423238/; classtype:trojan-activity;sid:81286338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423237)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.armv4"; http_uri; depth:13; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423237/; classtype:trojan-activity;sid:81286337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423236)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.google"; http_uri; depth:14; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423236/; classtype:trojan-activity;sid:81286336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423235)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.google"; http_uri; depth:15; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423235/; classtype:trojan-activity;sid:81286335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423234)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.armv6"; http_uri; depth:13; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423234/; classtype:trojan-activity;sid:81286334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423233/; classtype:trojan-activity;sid:81286333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.229.223.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423232/; classtype:trojan-activity;sid:81286332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.10.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423231/; classtype:trojan-activity;sid:81286331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.61.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423230/; classtype:trojan-activity;sid:81286330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.82.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423229/; classtype:trojan-activity;sid:81286329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.30.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423228/; classtype:trojan-activity;sid:81286328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.215.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423227/; classtype:trojan-activity;sid:81286327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.152.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423226/; classtype:trojan-activity;sid:81286326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.4.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423225/; classtype:trojan-activity;sid:81286325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.134.190.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423224/; classtype:trojan-activity;sid:81286324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.157.223.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423223/; classtype:trojan-activity;sid:81286323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"95.252.1.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423222/; classtype:trojan-activity;sid:81286322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423221)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z97ou4j.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423221/; classtype:trojan-activity;sid:81286321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423220)"; flow:established,from_client; content:"GET"; http_method; content:"/google.sh"; http_uri; depth:10; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423220/; classtype:trojan-activity;sid:81286320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423219)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/s3vb8lm/"; http_uri; depth:25; isdataat:!1,relative; content:"copavflex.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423219/; classtype:trojan-activity;sid:81286319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423218)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/jwinofpzcdup/xs35472810201ropx8fbwlxe/"; http_uri; depth:58; isdataat:!1,relative; content:"livefarma.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423218/; classtype:trojan-activity;sid:81286318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423217)"; flow:established,from_client; content:"GET"; http_method; content:"/images/redcar.png"; http_uri; depth:18; isdataat:!1,relative; content:"86.104.194.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423217/; classtype:trojan-activity;sid:81286317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423216)"; flow:established,from_client; content:"GET"; http_method; content:"/sn0rt.sh"; http_uri; depth:9; isdataat:!1,relative; content:"methamk.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423216/; classtype:trojan-activity;sid:81286316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423215)"; flow:established,from_client; content:"GET"; http_method; content:"/infectedn.sh"; http_uri; depth:13; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423215/; classtype:trojan-activity;sid:81286315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423214)"; flow:established,from_client; content:"GET"; http_method; content:"/n3dn0e09c5d9bu70v1720/init.sh"; http_uri; depth:30; isdataat:!1,relative; content:"45.153.240.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423214/; classtype:trojan-activity;sid:81286314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423213)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.i586"; http_uri; depth:12; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423213/; classtype:trojan-activity;sid:81286313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.201.34.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423212/; classtype:trojan-activity;sid:81286312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.243.14.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423211/; classtype:trojan-activity;sid:81286311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423210/; classtype:trojan-activity;sid:81286310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.187.164.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423209/; classtype:trojan-activity;sid:81286309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.117.18.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423208/; classtype:trojan-activity;sid:81286308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.40.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423207/; classtype:trojan-activity;sid:81286307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423206)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.mips"; http_uri; depth:12; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423206/; classtype:trojan-activity;sid:81286306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423205)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"201.1.126.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423205/; classtype:trojan-activity;sid:81286305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423204)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423204/; classtype:trojan-activity;sid:81286304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423203)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.i686"; http_uri; depth:12; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423203/; classtype:trojan-activity;sid:81286303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423202)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.x86"; http_uri; depth:11; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423202/; classtype:trojan-activity;sid:81286302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423201)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.sparc"; http_uri; depth:13; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423201/; classtype:trojan-activity;sid:81286301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423200)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.sh"; http_uri; depth:10; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423200/; classtype:trojan-activity;sid:81286300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423199)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"123.245.10.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423199/; classtype:trojan-activity;sid:81286299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423198)"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.mipsel"; http_uri; depth:14; isdataat:!1,relative; content:"192.81.217.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423198/; classtype:trojan-activity;sid:81286298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423197)"; flow:established,from_client; content:"GET"; http_method; content:"/bsbdbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"88.99.123.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423197/; classtype:trojan-activity;sid:81286297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423196/; classtype:trojan-activity;sid:81286296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423195)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423195/; classtype:trojan-activity;sid:81286295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423194/; classtype:trojan-activity;sid:81286294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423193)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"88.99.123.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423193/; classtype:trojan-activity;sid:81286293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423192)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423192/; classtype:trojan-activity;sid:81286292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423191)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sparc"; http_uri; depth:11; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423191/; classtype:trojan-activity;sid:81286291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423190)"; flow:established,from_client; content:"GET"; http_method; content:"/23"; http_uri; depth:3; isdataat:!1,relative; content:"98.159.99.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423190/; classtype:trojan-activity;sid:81286290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423189)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"88.99.123.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423189/; classtype:trojan-activity;sid:81286289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423188)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423188/; classtype:trojan-activity;sid:81286288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423187)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423187/; classtype:trojan-activity;sid:81286287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423186)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423186/; classtype:trojan-activity;sid:81286286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423185)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423185/; classtype:trojan-activity;sid:81286285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423184/; classtype:trojan-activity;sid:81286284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423183)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423183/; classtype:trojan-activity;sid:81286283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423182)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423182/; classtype:trojan-activity;sid:81286282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423181)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423181/; classtype:trojan-activity;sid:81286281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423180)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423180/; classtype:trojan-activity;sid:81286280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423179)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423179/; classtype:trojan-activity;sid:81286279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423178)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423178/; classtype:trojan-activity;sid:81286278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423177)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423177/; classtype:trojan-activity;sid:81286277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423176)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423176/; classtype:trojan-activity;sid:81286276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423175)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423175/; classtype:trojan-activity;sid:81286275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423174)"; flow:established,from_client; content:"GET"; http_method; content:"/awfg.sh"; http_uri; depth:8; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423174/; classtype:trojan-activity;sid:81286274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423173)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"88.99.123.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423173/; classtype:trojan-activity;sid:81286273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423172/; classtype:trojan-activity;sid:81286272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423171)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423171/; classtype:trojan-activity;sid:81286271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423170)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423170/; classtype:trojan-activity;sid:81286270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423169)"; flow:established,from_client; content:"GET"; http_method; content:"/bear.sh"; http_uri; depth:8; isdataat:!1,relative; content:"194.15.36.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423169/; classtype:trojan-activity;sid:81286269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423168)"; flow:established,from_client; content:"GET"; http_method; content:"/aces.sh"; http_uri; depth:8; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423168/; classtype:trojan-activity;sid:81286268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423167)"; flow:established,from_client; content:"GET"; http_method; content:"/allgenerations/ks/"; http_uri; depth:19; isdataat:!1,relative; content:"www.mopsl.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423167/; classtype:trojan-activity;sid:81286267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.124.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423166/; classtype:trojan-activity;sid:81286266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.6.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423165/; classtype:trojan-activity;sid:81286265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.179.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423164/; classtype:trojan-activity;sid:81286264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"77.43.180.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423163/; classtype:trojan-activity;sid:81286263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.248.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423162/; classtype:trojan-activity;sid:81286262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423161/; classtype:trojan-activity;sid:81286261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423160/; classtype:trojan-activity;sid:81286260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.33.140.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423159/; classtype:trojan-activity;sid:81286259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423158)"; flow:established,from_client; content:"GET"; http_method; content:"/egherdbaseball/z_xu00_9hbk939elw/"; http_uri; depth:34; isdataat:!1,relative; content:"www.planetkram.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423158/; classtype:trojan-activity;sid:81286258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423157)"; flow:established,from_client; content:"GET"; http_method; content:"/pz/ybu2chs1980/"; http_uri; depth:16; isdataat:!1,relative; content:"taolodge.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423157/; classtype:trojan-activity;sid:81286257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423156)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"207.5.32.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423156/; classtype:trojan-activity;sid:81286256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.121.101.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423155/; classtype:trojan-activity;sid:81286255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"174.48.181.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423154/; classtype:trojan-activity;sid:81286254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423153)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423153/; classtype:trojan-activity;sid:81286253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423152)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423152/; classtype:trojan-activity;sid:81286252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423151)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423151/; classtype:trojan-activity;sid:81286251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423150)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423150/; classtype:trojan-activity;sid:81286250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423149)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423149/; classtype:trojan-activity;sid:81286249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423148)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423148/; classtype:trojan-activity;sid:81286248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423147)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423147/; classtype:trojan-activity;sid:81286247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423146)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423146/; classtype:trojan-activity;sid:81286246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423145)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423145/; classtype:trojan-activity;sid:81286245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423144)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; content:"134.122.100.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423144/; classtype:trojan-activity;sid:81286244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"161.35.174.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423143/; classtype:trojan-activity;sid:81286243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"88.249.244.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423142/; classtype:trojan-activity;sid:81286242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.129.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423141/; classtype:trojan-activity;sid:81286241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.73.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423140/; classtype:trojan-activity;sid:81286240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"94.43.139.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423139/; classtype:trojan-activity;sid:81286239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.27.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423138/; classtype:trojan-activity;sid:81286238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423137/; classtype:trojan-activity;sid:81286237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.36.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423136/; classtype:trojan-activity;sid:81286236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.82.145.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423135/; classtype:trojan-activity;sid:81286235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423134/; classtype:trojan-activity;sid:81286234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.227.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423133/; classtype:trojan-activity;sid:81286233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423132)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/ddu0a09ycs/"; http_uri; depth:29; isdataat:!1,relative; content:"yusufpaintings.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_01; reference:url, urlhaus.abuse.ch/url/423132/; classtype:trojan-activity;sid:81286232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423131)"; flow:established,from_client; content:"GET"; http_method; content:"/2016/etrac/6vrcmia9/pi63423304amidtqmfyebgty5h/"; http_uri; depth:48; isdataat:!1,relative; content:"www.groovability.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423131/; classtype:trojan-activity;sid:81286231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423130)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.19.121.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423130/; classtype:trojan-activity;sid:81286230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423129)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/closed_disk/interior_profile/21736104394043_pryjlm6s3fnf9/"; http_uri; depth:67; isdataat:!1,relative; content:"hcfoods.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423129/; classtype:trojan-activity;sid:81286229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423128)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/documentation/38z49ek/gin162165t63zbwlbmhcftdy/"; http_uri; depth:56; isdataat:!1,relative; content:"hdsr.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423128/; classtype:trojan-activity;sid:81286228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423127)"; flow:established,from_client; content:"GET"; http_method; content:"/9c950e/public/z1nykw8v1vh/"; http_uri; depth:27; isdataat:!1,relative; content:"heartssetfree.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423127/; classtype:trojan-activity;sid:81286227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423126)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/report/4iuunkjv/65790198832kmkgthh5ztrznaf5dy0hi/"; http_uri; depth:58; isdataat:!1,relative; content:"henkphilipsen.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423126/; classtype:trojan-activity;sid:81286226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423125)"; flow:established,from_client; content:"GET"; http_method; content:"/iantipodes/invoice/7wm4188473apg7j335xwe5/"; http_uri; depth:43; isdataat:!1,relative; content:"www.herms.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423125/; classtype:trojan-activity;sid:81286225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423124)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/paclm/"; http_uri; depth:15; isdataat:!1,relative; content:"hostech.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423124/; classtype:trojan-activity;sid:81286224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423123)"; flow:established,from_client; content:"GET"; http_method; content:"/lcradioetv/file/n8bl9i7ye/"; http_uri; depth:27; isdataat:!1,relative; content:"hostmelodia.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423123/; classtype:trojan-activity;sid:81286223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423122)"; flow:established,from_client; content:"GET"; http_method; content:"/richard/browse/otvu2ueu/ekw0f3014020764iq7lkloiazlbmvji16td6/"; http_uri; depth:62; isdataat:!1,relative; content:"huffpuff.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423122/; classtype:trojan-activity;sid:81286222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423121)"; flow:established,from_client; content:"GET"; http_method; content:"/file/885235916712/"; http_uri; depth:19; isdataat:!1,relative; content:"warriorllc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423121/; classtype:trojan-activity;sid:81286221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423120)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/personal-module/verified-space/m2iwraa-i88ugeu2f1z9/"; http_uri; depth:57; isdataat:!1,relative; content:"immediax.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423120/; classtype:trojan-activity;sid:81286220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423119)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/public/gcehwo1/"; http_uri; depth:24; isdataat:!1,relative; content:"myofficeplus.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423119/; classtype:trojan-activity;sid:81286219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423118)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"37.49.224.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423118/; classtype:trojan-activity;sid:81286218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423117)"; flow:established,from_client; content:"GET"; http_method; content:"/private-578603606-l38wndrhle7mnu/chzla-czm0vnju2i-u8a3-azhafn7ch/99t0jlvyq-sx13t0220/"; http_uri; depth:86; isdataat:!1,relative; content:"planktonik.hu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423117/; classtype:trojan-activity;sid:81286217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423116)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/common_ddgvpf7e_meqfmdihv0/open_9180606_mhmdfujuujntx/466240765099_llllkcvl/"; http_uri; depth:85; isdataat:!1,relative; content:"mesko.cz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423116/; classtype:trojan-activity;sid:81286216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423115)"; flow:established,from_client; content:"GET"; http_method; content:"/erros/multifunctional_m3zpwbk_tuchw29ey/verified_6pb_uxblj70mfjxoeuq/pdt1ccila_lr6qp9m0jnrh8/"; http_uri; depth:94; isdataat:!1,relative; content:"ipirangaonline.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423115/; classtype:trojan-activity;sid:81286215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423114)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/personal-zone/additional-profile/idchre-dgtc08rk/"; http_uri; depth:56; isdataat:!1,relative; content:"indep.uz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423114/; classtype:trojan-activity;sid:81286214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423113)"; flow:established,from_client; content:"GET"; http_method; content:"/open-call/browse/52gj7pe1olf/"; http_uri; depth:30; isdataat:!1,relative; content:"cgemtalent.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423113/; classtype:trojan-activity;sid:81286213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423112)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/etrac/"; http_uri; depth:15; isdataat:!1,relative; content:"www.cistilniservis-t530.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423112/; classtype:trojan-activity;sid:81286212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423111)"; flow:established,from_client; content:"GET"; http_method; content:"/document/jx4ozihze4w/"; http_uri; depth:22; isdataat:!1,relative; content:"warrenmarketing.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423111/; classtype:trojan-activity;sid:81286211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423110)"; flow:established,from_client; content:"GET"; http_method; content:"/klabmoz/doc/1w610025424185l3bhrb4izzkhohohw/"; http_uri; depth:45; isdataat:!1,relative; content:"oficinadinheiro.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423110/; classtype:trojan-activity;sid:81286210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423109)"; flow:established,from_client; content:"GET"; http_method; content:"/shell/87899492382719327/b61835239988217707nfiouvxbawl9v671nnlr5/"; http_uri; depth:65; isdataat:!1,relative; content:"ruateresaonline.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423109/; classtype:trojan-activity;sid:81286209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423108)"; flow:established,from_client; content:"GET"; http_method; content:"/image/document/82qr5rdtshz/"; http_uri; depth:28; isdataat:!1,relative; content:"hoogveld-service.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423108/; classtype:trojan-activity;sid:81286208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423107)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/browse/js7t5mywau0/"; http_uri; depth:28; isdataat:!1,relative; content:"iansawyer.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423107/; classtype:trojan-activity;sid:81286207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423106)"; flow:established,from_client; content:"GET"; http_method; content:"/2009/esp/ktixqevc2ru/"; http_uri; depth:22; isdataat:!1,relative; content:"riovibe.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423106/; classtype:trojan-activity;sid:81286206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423105)"; flow:established,from_client; content:"GET"; http_method; content:"/library/o_eo_97ml/"; http_uri; depth:19; isdataat:!1,relative; content:"www.naayers.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423105/; classtype:trojan-activity;sid:81286205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423104)"; flow:established,from_client; content:"GET"; http_method; content:"/_db_backups/t_e_v7qizcr2/"; http_uri; depth:26; isdataat:!1,relative; content:"my6thgen.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423104/; classtype:trojan-activity;sid:81286204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423103)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/uwr_u4_ed3qzbb/"; http_uri; depth:28; isdataat:!1,relative; content:"muliarental.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423103/; classtype:trojan-activity;sid:81286203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423102)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/mff_xao9d_5ld5qajfmx/"; http_uri; depth:30; isdataat:!1,relative; content:"ltrybus.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423102/; classtype:trojan-activity;sid:81286202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423101)"; flow:established,from_client; content:"GET"; http_method; content:"/bluesforsale/zi6_v4g0_rmyg/"; http_uri; depth:28; isdataat:!1,relative; content:"mywebnerd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423101/; classtype:trojan-activity;sid:81286201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423100)"; flow:established,from_client; content:"GET"; http_method; content:"/static/swift/"; http_uri; depth:14; isdataat:!1,relative; content:"nadsupplies.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423100/; classtype:trojan-activity;sid:81286200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423099)"; flow:established,from_client; content:"GET"; http_method; content:"/ourfirstvalentinesday/docs/"; http_uri; depth:28; isdataat:!1,relative; content:"certezacpa.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423099/; classtype:trojan-activity;sid:81286199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423098)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/zaviixl730/"; http_uri; depth:17; isdataat:!1,relative; content:"www.meltonian.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423098/; classtype:trojan-activity;sid:81286198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423097)"; flow:established,from_client; content:"GET"; http_method; content:"/cs2300/qvjapcy/"; http_uri; depth:16; isdataat:!1,relative; content:"mwrouse.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423097/; classtype:trojan-activity;sid:81286197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423096)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/riw/"; http_uri; depth:12; isdataat:!1,relative; content:"proreclame.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423096/; classtype:trojan-activity;sid:81286196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423095)"; flow:established,from_client; content:"GET"; http_method; content:"/irvkrmq/"; http_uri; depth:9; isdataat:!1,relative; content:"www.mollymoody.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423095/; classtype:trojan-activity;sid:81286195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423094)"; flow:established,from_client; content:"GET"; http_method; content:"/privilege/vwwmjydu/"; http_uri; depth:20; isdataat:!1,relative; content:"prolicitar.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423094/; classtype:trojan-activity;sid:81286194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423093)"; flow:established,from_client; content:"GET"; http_method; content:"/images/swift/lybxqp2j363/"; http_uri; depth:26; isdataat:!1,relative; content:"smleads.eu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423093/; classtype:trojan-activity;sid:81286193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423092)"; flow:established,from_client; content:"GET"; http_method; content:"/bot/attachments/paxzmv1f8/"; http_uri; depth:27; isdataat:!1,relative; content:"danaldea.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423092/; classtype:trojan-activity;sid:81286192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423091)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/attqf4777899u9fv34uepg6p18nx15t/"; http_uri; depth:49; isdataat:!1,relative; content:"wolung.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423091/; classtype:trojan-activity;sid:81286191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423090)"; flow:established,from_client; content:"GET"; http_method; content:"/subdomain_dev/public/"; http_uri; depth:22; isdataat:!1,relative; content:"riandutra.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423090/; classtype:trojan-activity;sid:81286190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423089)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/"; http_uri; depth:26; isdataat:!1,relative; content:"rio-music.dk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423089/; classtype:trojan-activity;sid:81286189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423088)"; flow:established,from_client; content:"GET"; http_method; content:"/kanbanemacao/0972108476449820/7pteqhr13056069536inaf68hrdiaxt/"; http_uri; depth:63; isdataat:!1,relative; content:"rodrigozambon.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423088/; classtype:trojan-activity;sid:81286188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423087)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423087/; classtype:trojan-activity;sid:81286187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423086)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423086/; classtype:trojan-activity;sid:81286186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423085)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423085/; classtype:trojan-activity;sid:81286185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423084)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423084/; classtype:trojan-activity;sid:81286184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423083)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423083/; classtype:trojan-activity;sid:81286183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423082)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423082/; classtype:trojan-activity;sid:81286182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423081)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423081/; classtype:trojan-activity;sid:81286181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423080)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423080/; classtype:trojan-activity;sid:81286180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423079)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423079/; classtype:trojan-activity;sid:81286179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423078)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423078/; classtype:trojan-activity;sid:81286178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423077)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423077/; classtype:trojan-activity;sid:81286177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423076)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423076/; classtype:trojan-activity;sid:81286176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423075)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423075/; classtype:trojan-activity;sid:81286175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423074)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423074/; classtype:trojan-activity;sid:81286174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423073)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423073/; classtype:trojan-activity;sid:81286173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423072)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423072/; classtype:trojan-activity;sid:81286172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423071)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423071/; classtype:trojan-activity;sid:81286171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423070)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423070/; classtype:trojan-activity;sid:81286170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423069)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423069/; classtype:trojan-activity;sid:81286169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423068)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423068/; classtype:trojan-activity;sid:81286168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423067)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423067/; classtype:trojan-activity;sid:81286167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423066)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423066/; classtype:trojan-activity;sid:81286166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423065)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423065/; classtype:trojan-activity;sid:81286165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423064)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423064/; classtype:trojan-activity;sid:81286164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423063)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423063/; classtype:trojan-activity;sid:81286163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423062)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423062/; classtype:trojan-activity;sid:81286162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423061)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423061/; classtype:trojan-activity;sid:81286161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423060)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423060/; classtype:trojan-activity;sid:81286160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423059)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"q05oi5s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423059/; classtype:trojan-activity;sid:81286159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423058)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423058/; classtype:trojan-activity;sid:81286158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423057)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423057/; classtype:trojan-activity;sid:81286157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423056)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423056/; classtype:trojan-activity;sid:81286156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423055)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423055/; classtype:trojan-activity;sid:81286155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423054)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423054/; classtype:trojan-activity;sid:81286154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423053)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423053/; classtype:trojan-activity;sid:81286153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423052)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423052/; classtype:trojan-activity;sid:81286152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423051)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423051/; classtype:trojan-activity;sid:81286151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423050)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423050/; classtype:trojan-activity;sid:81286150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423049)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423049/; classtype:trojan-activity;sid:81286149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423048)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423048/; classtype:trojan-activity;sid:81286148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423047)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423047/; classtype:trojan-activity;sid:81286147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423046)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423046/; classtype:trojan-activity;sid:81286146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423045)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423045/; classtype:trojan-activity;sid:81286145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423044)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"b94yhzk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423044/; classtype:trojan-activity;sid:81286144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423043)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423043/; classtype:trojan-activity;sid:81286143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423042)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423042/; classtype:trojan-activity;sid:81286142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423041)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423041/; classtype:trojan-activity;sid:81286141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423040)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423040/; classtype:trojan-activity;sid:81286140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423039)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423039/; classtype:trojan-activity;sid:81286139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.33.132.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423038/; classtype:trojan-activity;sid:81286138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.124.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423037/; classtype:trojan-activity;sid:81286137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.144.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423036/; classtype:trojan-activity;sid:81286136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.91.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423035/; classtype:trojan-activity;sid:81286135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423034/; classtype:trojan-activity;sid:81286134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.159.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423033/; classtype:trojan-activity;sid:81286133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.125.116.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423032/; classtype:trojan-activity;sid:81286132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.113.40.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423031/; classtype:trojan-activity;sid:81286131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.62.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423030/; classtype:trojan-activity;sid:81286130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423029)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423029/; classtype:trojan-activity;sid:81286129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423028)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423028/; classtype:trojan-activity;sid:81286128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423027)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423027/; classtype:trojan-activity;sid:81286127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423026)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423026/; classtype:trojan-activity;sid:81286126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423025)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423025/; classtype:trojan-activity;sid:81286125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423024)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423024/; classtype:trojan-activity;sid:81286124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423023)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423023/; classtype:trojan-activity;sid:81286123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423022)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423022/; classtype:trojan-activity;sid:81286122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423021)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423021/; classtype:trojan-activity;sid:81286121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423020)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"2vvezz8.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423020/; classtype:trojan-activity;sid:81286120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423019)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423019/; classtype:trojan-activity;sid:81286119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423018)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423018/; classtype:trojan-activity;sid:81286118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423017)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423017/; classtype:trojan-activity;sid:81286117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423016)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423016/; classtype:trojan-activity;sid:81286116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423015)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423015/; classtype:trojan-activity;sid:81286115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423014)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423014/; classtype:trojan-activity;sid:81286114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423013)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423013/; classtype:trojan-activity;sid:81286113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423012)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423012/; classtype:trojan-activity;sid:81286112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423011)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423011/; classtype:trojan-activity;sid:81286111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423010)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423010/; classtype:trojan-activity;sid:81286110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423009)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423009/; classtype:trojan-activity;sid:81286109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423008)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423008/; classtype:trojan-activity;sid:81286108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423007)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423007/; classtype:trojan-activity;sid:81286107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423006)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423006/; classtype:trojan-activity;sid:81286106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423005)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"impq4r6.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423005/; classtype:trojan-activity;sid:81286105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423004)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/i7u8aifu/dj6w679427768vdxrh0w92b4l/"; http_uri; depth:50; isdataat:!1,relative; content:"eldridgelondon.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423004/; classtype:trojan-activity;sid:81286104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423003)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; content:"45.156.185.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423003/; classtype:trojan-activity;sid:81286103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423002)"; flow:established,from_client; content:"GET"; http_method; content:"/curso/esf280go2ad/mb92w075027377984q5834xkfxs/"; http_uri; depth:47; isdataat:!1,relative; content:"enosso.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423002/; classtype:trojan-activity;sid:81286102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423001)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/pzrk0mpco/"; http_uri; depth:17; isdataat:!1,relative; content:"floow.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423001/; classtype:trojan-activity;sid:81286101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (423000)"; flow:established,from_client; content:"GET"; http_method; content:"/t/nbqq254/"; http_uri; depth:11; isdataat:!1,relative; content:"qatifsport.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/423000/; classtype:trojan-activity;sid:81286100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422999)"; flow:established,from_client; content:"GET"; http_method; content:"/haunted/ca5zuc5/"; http_uri; depth:17; isdataat:!1,relative; content:"renegaderadio.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422999/; classtype:trojan-activity;sid:81286099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/nobh/"; http_uri; depth:10; isdataat:!1,relative; content:"www.onlinemediadesigns.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422998/; classtype:trojan-activity;sid:81286098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422997)"; flow:established,from_client; content:"GET"; http_method; content:"/qbwyat/"; http_uri; depth:8; isdataat:!1,relative; content:"renekok.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422997/; classtype:trojan-activity;sid:81286097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422996)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/eiq/"; http_uri; depth:17; isdataat:!1,relative; content:"rectificadoscarrion.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422996/; classtype:trojan-activity;sid:81286096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422995)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/t9c8jgtk/8uf56c1707/9tb5553584nswsnz5yandch9/"; http_uri; depth:54; isdataat:!1,relative; content:"aglomol.com.mx"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422995/; classtype:trojan-activity;sid:81286095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422994)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/overview/"; http_uri; depth:19; isdataat:!1,relative; content:"crearechile.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422994/; classtype:trojan-activity;sid:81286094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422993)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/ntwmjx1vj4m/v778244736003652p2x7c8143/"; http_uri; depth:54; isdataat:!1,relative; content:"guthixgreengold.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422993/; classtype:trojan-activity;sid:81286093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422992)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/simplepie/scan/"; http_uri; depth:28; isdataat:!1,relative; content:"khoujini.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422992/; classtype:trojan-activity;sid:81286092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422991/; classtype:trojan-activity;sid:81286091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.mips"; http_uri; depth:16; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422990/; classtype:trojan-activity;sid:81286090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422989/; classtype:trojan-activity;sid:81286089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.arm"; http_uri; depth:15; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422988/; classtype:trojan-activity;sid:81286088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422987)"; flow:established,from_client; content:"GET"; http_method; content:"/murcia/sites/"; http_uri; depth:14; isdataat:!1,relative; content:"nasim.hostlin.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422987/; classtype:trojan-activity;sid:81286087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422986)"; flow:established,from_client; content:"GET"; http_method; content:"/test/doc/"; http_uri; depth:10; isdataat:!1,relative; content:"taxiapps.ecec-shop.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422986/; classtype:trojan-activity;sid:81286086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422985)"; flow:established,from_client; content:"GET"; http_method; content:"/iweb/available_section/interior_profile/876783134107_vvpoewdkb4jz9g/"; http_uri; depth:69; isdataat:!1,relative; content:"itekcom.pe"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422985/; classtype:trojan-activity;sid:81286085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422984)"; flow:established,from_client; content:"GET"; http_method; content:"/img/common-8i6ku0pc-9rse3h9aztin/special-profile/fliqm5nhlz-exxzk4rk4/"; http_uri; depth:71; isdataat:!1,relative; content:"yumiwong.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422984/; classtype:trojan-activity;sid:81286084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422983)"; flow:established,from_client; content:"GET"; http_method; content:"/application/statement/1812145593nl6zy7tzq8rhy9arl/"; http_uri; depth:51; isdataat:!1,relative; content:"www.grupoirs.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422983/; classtype:trojan-activity;sid:81286083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422982)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/q6qwqh-tqftgskrokd-array/external-space/gx1shokk2s-a1jlsii21usm7h/"; http_uri; depth:76; isdataat:!1,relative; content:"mapsofpablo.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422982/; classtype:trojan-activity;sid:81286082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.126.35.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422981/; classtype:trojan-activity;sid:81286081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422980)"; flow:established,from_client; content:"GET"; http_method; content:"/connectors/document/"; http_uri; depth:21; isdataat:!1,relative; content:"www.ymdc786.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422980/; classtype:trojan-activity;sid:81286080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422979)"; flow:established,from_client; content:"GET"; http_method; content:"/data/browse/"; http_uri; depth:13; isdataat:!1,relative; content:"www.msbc.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422979/; classtype:trojan-activity;sid:81286079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cutie.x86"; http_uri; depth:15; isdataat:!1,relative; content:"104.244.78.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422978/; classtype:trojan-activity;sid:81286078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422977)"; flow:established,from_client; content:"GET"; http_method; content:"/themes/i5950054454906859110kv03j6km6n/"; http_uri; depth:39; isdataat:!1,relative; content:"editorasede.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422977/; classtype:trojan-activity;sid:81286077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422976)"; flow:established,from_client; content:"GET"; http_method; content:"/products/lm/gi55y2z8569543746078hdvv01w9svlwn6yrs/"; http_uri; depth:51; isdataat:!1,relative; content:"pharmex.ly"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422976/; classtype:trojan-activity;sid:81286076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422975)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0191/aw09246375146ns16zhi6wte91/"; http_uri; depth:42; isdataat:!1,relative; content:"prosmart.ba"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422975/; classtype:trojan-activity;sid:81286075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422974)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice/l660902230010hx4g3xavfb8pz8/"; http_uri; depth:48; isdataat:!1,relative; content:"www.promadchile.cl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422974/; classtype:trojan-activity;sid:81286074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422973)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wbmwd_qxssq1dll_zone/guarded_portal/jfdh1qpb2tikxkt_8s8yw11y28v/"; http_uri; depth:76; isdataat:!1,relative; content:"trendroyal.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422973/; classtype:trojan-activity;sid:81286073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422972)"; flow:established,from_client; content:"GET"; http_method; content:"/css/swift/0y591017395774461859590viijjf2btwrx7z97d6rqm/"; http_uri; depth:56; isdataat:!1,relative; content:"www.atapgafbitumen.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422972/; classtype:trojan-activity;sid:81286072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422971)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/protected_module/test_forum/uuw1qszmmhe_bt34ukfaj39x4/"; http_uri; depth:63; isdataat:!1,relative; content:"www.sambazar.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422971/; classtype:trojan-activity;sid:81286071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422970)"; flow:established,from_client; content:"GET"; http_method; content:"/media/available_sector/external_forum/302097964783_7rr6ey1llk/"; http_uri; depth:63; isdataat:!1,relative; content:"www.parunners.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422970/; classtype:trojan-activity;sid:81286070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422969)"; flow:established,from_client; content:"GET"; http_method; content:"/profiles/t3bg5jq0n/"; http_uri; depth:20; isdataat:!1,relative; content:"www.mycorner360.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422969/; classtype:trojan-activity;sid:81286069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422968)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/available_sector/verifiable_area/gfdli8_g8f3ignnjkvxg/"; http_uri; depth:64; isdataat:!1,relative; content:"nihontravel.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422968/; classtype:trojan-activity;sid:81286068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422967)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/common-942469673-tt2cqfubfb/open-warehouse/ynsyqqs8hb3mvh-vs63t1v3023s9w/"; http_uri; depth:81; isdataat:!1,relative; content:"nalini.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422967/; classtype:trojan-activity;sid:81286067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422966)"; flow:established,from_client; content:"GET"; http_method; content:"/index_htm_files/e7oyhq_nwdjqilww0si78_sector/guarded_forum/ux39onharoa_2xlq2g0zm0llj/"; http_uri; depth:86; isdataat:!1,relative; content:"www.physiowiese.ch"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422966/; classtype:trojan-activity;sid:81286066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422965)"; flow:established,from_client; content:"GET"; http_method; content:"/bookseer/13120734-kp7zzvetk2gstk-zone/open-8838743-dgiojwbw66qch/hrjcybkq-cpcmq2l9hbvx3/"; http_uri; depth:89; isdataat:!1,relative; content:"aptstudio.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422965/; classtype:trojan-activity;sid:81286065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422964)"; flow:established,from_client; content:"GET"; http_method; content:"/elettricista/closed-resource/935332023920-st6p6pp8-space/reovt8ku-meaqbibmvjqdi/"; http_uri; depth:81; isdataat:!1,relative; content:"nomak.it"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422964/; classtype:trojan-activity;sid:81286064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422963)"; flow:established,from_client; content:"GET"; http_method; content:"/images/closed-crln3-qr0sbu6ugbujz6vz/security-4obwjnc6nb-91uqphujiclf3/49329729025825-7tuvz/"; http_uri; depth:93; isdataat:!1,relative; content:"pacwebdesigns.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422963/; classtype:trojan-activity;sid:81286063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422962)"; flow:established,from_client; content:"GET"; http_method; content:"/allgenerations/ks/"; http_uri; depth:19; isdataat:!1,relative; content:"mopsl.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422962/; classtype:trojan-activity;sid:81286062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422961)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/"; http_uri; depth:14; isdataat:!1,relative; content:"www.pacom.it"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422961/; classtype:trojan-activity;sid:81286061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422960)"; flow:established,from_client; content:"GET"; http_method; content:"/css/paclm/anbm1lc076384902417ytgvgkgaqawd10pgc0d/"; http_uri; depth:50; isdataat:!1,relative; content:"vangercum.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422960/; classtype:trojan-activity;sid:81286060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422959)"; flow:established,from_client; content:"GET"; http_method; content:"/twitterapi/w1r1537638795299vaut5zw4v////////"; http_uri; depth:45; isdataat:!1,relative; content:"grupoleferas.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422959/; classtype:trojan-activity;sid:81286059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422958)"; flow:established,from_client; content:"GET"; http_method; content:"/addon_domains/doc/"; http_uri; depth:19; isdataat:!1,relative; content:"www.shineatd.a2hosted.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422958/; classtype:trojan-activity;sid:81286058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422957)"; flow:established,from_client; content:"GET"; http_method; content:"/project/balance/rc372945620952019n9jvwxe0fr/"; http_uri; depth:45; isdataat:!1,relative; content:"www.minutes.com.pk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422957/; classtype:trojan-activity;sid:81286057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422956)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lm/6rxane0cd/1y0r9sv4022106273695q8y8mz01kbe3mj7/"; http_uri; depth:58; isdataat:!1,relative; content:"halley.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422956/; classtype:trojan-activity;sid:81286056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422955)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/"; http_uri; depth:19; isdataat:!1,relative; content:"gvits.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422955/; classtype:trojan-activity;sid:81286055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422954)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/8590829_vxxzvhrzv_cttzl_wu0yg1z0m/additional_eb8dxsjh_71tn4p7gn/fatpwo_0u6vsxpbf/"; http_uri; depth:93; isdataat:!1,relative; content:"guyn3.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422954/; classtype:trojan-activity;sid:81286054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422953)"; flow:established,from_client; content:"GET"; http_method; content:"/corrupt3/llc/lthh2dl507s/h99976908361tyfj78q94puc0laxckq/"; http_uri; depth:58; isdataat:!1,relative; content:"hitisland.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422953/; classtype:trojan-activity;sid:81286053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422952)"; flow:established,from_client; content:"GET"; http_method; content:"/img/documentation/mgzsku99506684060489696gfp9gk5n2wkqfyzm3g/"; http_uri; depth:61; isdataat:!1,relative; content:"hurndall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422952/; classtype:trojan-activity;sid:81286052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422951)"; flow:established,from_client; content:"GET"; http_method; content:"/hirlevel/file/8osr3rmo/"; http_uri; depth:24; isdataat:!1,relative; content:"megfigyel.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422951/; classtype:trojan-activity;sid:81286051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422950)"; flow:established,from_client; content:"GET"; http_method; content:"/old_stuff/lm/"; http_uri; depth:14; isdataat:!1,relative; content:"michaelwilke.at"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422950/; classtype:trojan-activity;sid:81286050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422949)"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/3663979972/bml27f6u/"; http_uri; depth:35; isdataat:!1,relative; content:"mj-web.dk"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422949/; classtype:trojan-activity;sid:81286049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422948)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/statement/b08606781504310601hzhj3az0fagq0/"; http_uri; depth:52; isdataat:!1,relative; content:"bethagroup.com.au"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422948/; classtype:trojan-activity;sid:81286048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.36.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422947/; classtype:trojan-activity;sid:81286047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.208.126.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422946/; classtype:trojan-activity;sid:81286046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"178.134.185.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422945/; classtype:trojan-activity;sid:81286045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.115.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422944/; classtype:trojan-activity;sid:81286044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422943/; classtype:trojan-activity;sid:81286043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.34.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422942/; classtype:trojan-activity;sid:81286042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.2.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422941/; classtype:trojan-activity;sid:81286041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.61.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422940/; classtype:trojan-activity;sid:81286040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422939)"; flow:established,from_client; content:"GET"; http_method; content:"/cocurious/browse/tgmvb3a1b/"; http_uri; depth:28; isdataat:!1,relative; content:"curiousworks.com.au"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422939/; classtype:trojan-activity;sid:81286039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422938)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/10955655/sx2qm9rtt/h9892217364231352282q2hfkly50xezde/"; http_uri; depth:67; isdataat:!1,relative; content:"disbain.es"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422938/; classtype:trojan-activity;sid:81286038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422937)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/inc/a403webiu7ol/x6620485984647266vwp27efho7zuwlxl1lrj/"; http_uri; depth:64; isdataat:!1,relative; content:"g4osj.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422937/; classtype:trojan-activity;sid:81286037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422936)"; flow:established,from_client; content:"GET"; http_method; content:"/carter/invoice/"; http_uri; depth:16; isdataat:!1,relative; content:"jespersen.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422936/; classtype:trojan-activity;sid:81286036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422935)"; flow:established,from_client; content:"GET"; http_method; content:"/writehandservices.com/documentation/"; http_uri; depth:37; isdataat:!1,relative; content:"metheney.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422935/; classtype:trojan-activity;sid:81286035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422934)"; flow:established,from_client; content:"GET"; http_method; content:"/indianlake/browse/"; http_uri; depth:19; isdataat:!1,relative; content:"msmartyford.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422934/; classtype:trojan-activity;sid:81286034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422933)"; flow:established,from_client; content:"GET"; http_method; content:"/videos/parts_service/"; http_uri; depth:22; isdataat:!1,relative; content:"www.neuralfilms.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422933/; classtype:trojan-activity;sid:81286033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422932)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/02lk7834076110680845q82q0be6fvwr5jy3m6/"; http_uri; depth:53; isdataat:!1,relative; content:"www.msu1981.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422932/; classtype:trojan-activity;sid:81286032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422931)"; flow:established,from_client; content:"GET"; http_method; content:"/demos/llc/3lc01nl46/"; http_uri; depth:21; isdataat:!1,relative; content:"multiesfera.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422931/; classtype:trojan-activity;sid:81286031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422930)"; flow:established,from_client; content:"GET"; http_method; content:"/acp/available_section/test_portal/f12yfozjvp_6jjepjkayf2/"; http_uri; depth:58; isdataat:!1,relative; content:"mutlakweb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422930/; classtype:trojan-activity;sid:81286030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422929)"; flow:established,from_client; content:"GET"; http_method; content:"/angol/public/"; http_uri; depth:14; isdataat:!1,relative; content:"multimix.hu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422929/; classtype:trojan-activity;sid:81286029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422928)"; flow:established,from_client; content:"GET"; http_method; content:"/wedding/paclm/"; http_uri; depth:15; isdataat:!1,relative; content:"www.musicstarstudios.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422928/; classtype:trojan-activity;sid:81286028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422927)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/browse/a3yi6sg472yd/458lhr42870895740567v11lw038a86a6x5yh/"; http_uri; depth:67; isdataat:!1,relative; content:"myimmogroup.be"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422927/; classtype:trojan-activity;sid:81286027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422926)"; flow:established,from_client; content:"GET"; http_method; content:"/css/lm/rtoce3abavd2/"; http_uri; depth:21; isdataat:!1,relative; content:"mymoodle.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422926/; classtype:trojan-activity;sid:81286026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422925)"; flow:established,from_client; content:"GET"; http_method; content:"/twitterapi/w1r1537638795299vaut5zw4v///"; http_uri; depth:40; isdataat:!1,relative; content:"grupoleferas.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422925/; classtype:trojan-activity;sid:81286025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422924)"; flow:established,from_client; content:"GET"; http_method; content:"/twitterapi/w1r1537638795299vaut5zw4v/////////"; http_uri; depth:46; isdataat:!1,relative; content:"grupoleferas.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422924/; classtype:trojan-activity;sid:81286024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422923)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/uz6_qs8_qr/"; http_uri; depth:20; isdataat:!1,relative; content:"nwcsvcs.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422923/; classtype:trojan-activity;sid:81286023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422922)"; flow:established,from_client; content:"GET"; http_method; content:"/_mm/oix_ktcpc_dljhsex/"; http_uri; depth:23; isdataat:!1,relative; content:"onewithyoucd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422922/; classtype:trojan-activity;sid:81286022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422921)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/3_o_but9/"; http_uri; depth:18; isdataat:!1,relative; content:"odessaresources.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422921/; classtype:trojan-activity;sid:81286021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422920)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/u_fig_m2mv/"; http_uri; depth:20; isdataat:!1,relative; content:"onefarmdesign.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422920/; classtype:trojan-activity;sid:81286020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422919)"; flow:established,from_client; content:"GET"; http_method; content:"/n_g2o4_jumkt4/"; http_uri; depth:15; isdataat:!1,relative; content:"www.piemonteitinera.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422919/; classtype:trojan-activity;sid:81286019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422918)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/available-resource/guarded-profile/hijjgpje-z05zz49/"; http_uri; depth:64; isdataat:!1,relative; content:"www.nancywhite-realtor.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422918/; classtype:trojan-activity;sid:81286018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422917)"; flow:established,from_client; content:"GET"; http_method; content:"/s014dgksp7/c6t1481561161897pxvlyywdrhxf3k759k63j/"; http_uri; depth:50; isdataat:!1,relative; content:"naeff.ch"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422917/; classtype:trojan-activity;sid:81286017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422916)"; flow:established,from_client; content:"GET"; http_method; content:"/berylwedsdanielcom/2o2v6b/"; http_uri; depth:27; isdataat:!1,relative; content:"natidea.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422916/; classtype:trojan-activity;sid:81286016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422915)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/8bg5jie6bhb/"; http_uri; depth:22; isdataat:!1,relative; content:"ncpll1392.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422915/; classtype:trojan-activity;sid:81286015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422914)"; flow:established,from_client; content:"GET"; http_method; content:"/verimages/documentation/m6m6kp/bzc63058251751301bl0f6lgpo1el/"; http_uri; depth:62; isdataat:!1,relative; content:"nationalboilermaking.com.au"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422914/; classtype:trojan-activity;sid:81286014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422913)"; flow:established,from_client; content:"GET"; http_method; content:"/mangiare/oct/"; http_uri; depth:14; isdataat:!1,relative; content:"netdobrasil.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422913/; classtype:trojan-activity;sid:81286013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422912)"; flow:established,from_client; content:"GET"; http_method; content:"/21"; http_uri; depth:3; isdataat:!1,relative; content:"98.159.110.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422912/; classtype:trojan-activity;sid:81286012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422911)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/documentation/pfyz6550iiq/"; http_uri; depth:35; isdataat:!1,relative; content:"netsoftit.ae"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422911/; classtype:trojan-activity;sid:81286011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422910)"; flow:established,from_client; content:"GET"; http_method; content:"/20131005/swift/01gn500617672fjnxjujjiay/"; http_uri; depth:41; isdataat:!1,relative; content:"neverlandphotography.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422910/; classtype:trojan-activity;sid:81286010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422909)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/llc/"; http_uri; depth:12; isdataat:!1,relative; content:"meisa.com.co"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422909/; classtype:trojan-activity;sid:81286009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422908)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/jmsslider/views/img/layers/frikanya.exe"; http_uri; depth:48; isdataat:!1,relative; content:"baolanh.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422908/; classtype:trojan-activity;sid:81286008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422907)"; flow:established,from_client; content:"GET"; http_method; content:"/ww4w/file/n6uerevu9/"; http_uri; depth:21; isdataat:!1,relative; content:"robbiem.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422907/; classtype:trojan-activity;sid:81286007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422906)"; flow:established,from_client; content:"GET"; http_method; content:"/framelines/attachments/"; http_uri; depth:24; isdataat:!1,relative; content:"nickkind.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422906/; classtype:trojan-activity;sid:81286006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422905)"; flow:established,from_client; content:"GET"; http_method; content:"/news=year/doc/g73gajt95y/"; http_uri; depth:26; isdataat:!1,relative; content:"nightowlmusic.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422905/; classtype:trojan-activity;sid:81286005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422904)"; flow:established,from_client; content:"GET"; http_method; content:"/images/file/kqbqplc/"; http_uri; depth:21; isdataat:!1,relative; content:"newtreedesign.co.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422904/; classtype:trojan-activity;sid:81286004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422903)"; flow:established,from_client; content:"GET"; http_method; content:"/old/wp-content/cache/minify/m_m9_mj/"; http_uri; depth:37; isdataat:!1,relative; content:"knightlycomputing.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422903/; classtype:trojan-activity;sid:81286003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422902)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/bmkhn_v_pd5gahs8/"; http_uri; depth:26; isdataat:!1,relative; content:"essoft.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422902/; classtype:trojan-activity;sid:81286002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422901)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/18i_56g1_o9cw7yj/"; http_uri; depth:26; isdataat:!1,relative; content:"kobes.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422901/; classtype:trojan-activity;sid:81286001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422900)"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/andxl/zvsg2_ijx_nd82wyrwn/"; http_uri; depth:41; isdataat:!1,relative; content:"dairyfocus.com.au"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422900/; classtype:trojan-activity;sid:81286000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422899)"; flow:established,from_client; content:"GET"; http_method; content:"/btrsports/3_qr_elsv8z8sb/"; http_uri; depth:26; isdataat:!1,relative; content:"pufferfiz.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422899/; classtype:trojan-activity;sid:81285999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422898)"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/itn1q_s_nhf/"; http_uri; depth:27; isdataat:!1,relative; content:"rnetwork.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422898/; classtype:trojan-activity;sid:81285998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422897)"; flow:established,from_client; content:"GET"; http_method; content:"/erros/overview/e33pzg70/kor1w3481275391bif266j3bvi6oco1xym/"; http_uri; depth:60; isdataat:!1,relative; content:"nogueiro.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422897/; classtype:trojan-activity;sid:81285997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422896)"; flow:established,from_client; content:"GET"; http_method; content:"/images/imgpaper.png"; http_uri; depth:20; isdataat:!1,relative; content:"86.104.194.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422896/; classtype:trojan-activity;sid:81285996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422895)"; flow:established,from_client; content:"GET"; http_method; content:"/images/payment/0lt4wuh7rrr/"; http_uri; depth:28; isdataat:!1,relative; content:"www.ngupasan-jaya.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422895/; classtype:trojan-activity;sid:81285995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422894)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/jfxg9r188/bc9655388285840mluy5yp0jckukid7/"; http_uri; depth:63; isdataat:!1,relative; content:"norahkhi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422894/; classtype:trojan-activity;sid:81285994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422893)"; flow:established,from_client; content:"GET"; http_method; content:"/plesk-stat/inc/e3z3vcu1/"; http_uri; depth:25; isdataat:!1,relative; content:"nsb.org.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422893/; classtype:trojan-activity;sid:81285993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422892)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.54.59.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422892/; classtype:trojan-activity;sid:81285992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422891)"; flow:established,from_client; content:"GET"; http_method; content:"/sophie/closed_zone/ucdggz_k1w0jiwlu_space/ymtuk0ui0_u8w9su13w692/"; http_uri; depth:66; isdataat:!1,relative; content:"nsheldon.co.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422891/; classtype:trojan-activity;sid:81285991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422890)"; flow:established,from_client; content:"GET"; http_method; content:"/editor/invoice/57l858o/d0kts846735757370s3ic79ot7/"; http_uri; depth:51; isdataat:!1,relative; content:"www.novelideas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422890/; classtype:trojan-activity;sid:81285990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422889)"; flow:established,from_client; content:"GET"; http_method; content:"/images/doc/b2bmzzmxr7v2/"; http_uri; depth:25; isdataat:!1,relative; content:"nonightsweats.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422889/; classtype:trojan-activity;sid:81285989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422888)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.55.16.58"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422888/; classtype:trojan-activity;sid:81285988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422887)"; flow:established,from_client; content:"GET"; http_method; content:"/font/llc/f6f89645668386339a4tvsf4aw7m3swzy/"; http_uri; depth:44; isdataat:!1,relative; content:"obigeorge.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422887/; classtype:trojan-activity;sid:81285987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422886)"; flow:established,from_client; content:"GET"; http_method; content:"/css/statement/ymmfsqzl8/"; http_uri; depth:25; isdataat:!1,relative; content:"officeprint.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422886/; classtype:trojan-activity;sid:81285986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422885)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422885/; classtype:trojan-activity;sid:81285985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422884)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422884/; classtype:trojan-activity;sid:81285984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422883)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422883/; classtype:trojan-activity;sid:81285983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422882)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422882/; classtype:trojan-activity;sid:81285982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422881)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422881/; classtype:trojan-activity;sid:81285981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422880)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422880/; classtype:trojan-activity;sid:81285980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422879)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422879/; classtype:trojan-activity;sid:81285979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422878)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422878/; classtype:trojan-activity;sid:81285978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422877)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422877/; classtype:trojan-activity;sid:81285977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422876)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422876/; classtype:trojan-activity;sid:81285976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422875)"; flow:established,from_client; content:"GET"; http_method; content:"/700824-myywvp4lh-array/test-cloud/d6a3ijrydwgf-kdy04hkmej/"; http_uri; depth:59; isdataat:!1,relative; content:"our-new-world.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422875/; classtype:trojan-activity;sid:81285975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422874)"; flow:established,from_client; content:"GET"; http_method; content:"/images/file/y2158123522313uxzmya7or0/"; http_uri; depth:38; isdataat:!1,relative; content:"onmobileone.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422874/; classtype:trojan-activity;sid:81285974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422873)"; flow:established,from_client; content:"GET"; http_method; content:"/c/swift/0y3vn4fwte6/qk3w604787354121sye5rvnqx42j63xwp3/"; http_uri; depth:56; isdataat:!1,relative; content:"otonet.nl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422873/; classtype:trojan-activity;sid:81285973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422872)"; flow:established,from_client; content:"GET"; http_method; content:"/_vti_bin/browse/5bgz4672039462783019iacev7oifwj1cmkh/"; http_uri; depth:54; isdataat:!1,relative; content:"outsideinpixels.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422872/; classtype:trojan-activity;sid:81285972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422871)"; flow:established,from_client; content:"GET"; http_method; content:"/images/5mmag7bkkk/"; http_uri; depth:19; isdataat:!1,relative; content:"www.faccomputer.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422871/; classtype:trojan-activity;sid:81285971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422870)"; flow:established,from_client; content:"GET"; http_method; content:"/m/h0lv59574/"; http_uri; depth:13; isdataat:!1,relative; content:"stolkie.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422870/; classtype:trojan-activity;sid:81285970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422869)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bfr531220/"; http_uri; depth:20; isdataat:!1,relative; content:"e-motiva.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422869/; classtype:trojan-activity;sid:81285969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422868)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/tlsjw81/"; http_uri; depth:17; isdataat:!1,relative; content:"whistledownfarm.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422868/; classtype:trojan-activity;sid:81285968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422867)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/xhdbmk/"; http_uri; depth:16; isdataat:!1,relative; content:"artexproductions.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422867/; classtype:trojan-activity;sid:81285967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422866/; classtype:trojan-activity;sid:81285966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422865/; classtype:trojan-activity;sid:81285965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.81.154.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422864/; classtype:trojan-activity;sid:81285964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422863)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/wt6p3966027197050nttp2a3bapa4uuyctwi/"; http_uri; depth:54; isdataat:!1,relative; content:"ottimade.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422863/; classtype:trojan-activity;sid:81285963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422862)"; flow:established,from_client; content:"GET"; http_method; content:"/db/private_zone/individual_c8iudnlscq3auvt_f2yk/dvbdz_o0oqb0skguqmy/"; http_uri; depth:69; isdataat:!1,relative; content:"pipesplumbingltd.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422862/; classtype:trojan-activity;sid:81285962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422861)"; flow:established,from_client; content:"GET"; http_method; content:"/micks_chat/5_6w_c14/"; http_uri; depth:21; isdataat:!1,relative; content:"mickreevesmodels.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422861/; classtype:trojan-activity;sid:81285961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422860)"; flow:established,from_client; content:"GET"; http_method; content:"/no4762318318966777581mr1ea7escnr/"; http_uri; depth:34; isdataat:!1,relative; content:"photoclave.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422860/; classtype:trojan-activity;sid:81285960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422859)"; flow:established,from_client; content:"GET"; http_method; content:"/egpe/statement/c7080887nluswzh1h66v65/"; http_uri; depth:39; isdataat:!1,relative; content:"pluswert.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422859/; classtype:trojan-activity;sid:81285959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422858)"; flow:established,from_client; content:"GET"; http_method; content:"/balance/t8dpeb54nchg/e474868660412vht8ymb7vn10qkc6j/"; http_uri; depth:53; isdataat:!1,relative; content:"posmicrosystems.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422858/; classtype:trojan-activity;sid:81285958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422857)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/"; http_uri; depth:14; isdataat:!1,relative; content:"www.pacom.it"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422857/; classtype:trojan-activity;sid:81285957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422856)"; flow:established,from_client; content:"GET"; http_method; content:"/promocao/58779418690509/lcl8f5/"; http_uri; depth:32; isdataat:!1,relative; content:"paisefilhossm.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422856/; classtype:trojan-activity;sid:81285956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422855)"; flow:established,from_client; content:"GET"; http_method; content:"/ww12/attachments/"; http_uri; depth:18; isdataat:!1,relative; content:"www.pajaros.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422855/; classtype:trojan-activity;sid:81285955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422854)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/ra04kc514/"; http_uri; depth:27; isdataat:!1,relative; content:"paladar.es"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422854/; classtype:trojan-activity;sid:81285954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422853)"; flow:established,from_client; content:"GET"; http_method; content:"/lawela/docs/azxxyq/"; http_uri; depth:20; isdataat:!1,relative; content:"www.pages4web.at"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422853/; classtype:trojan-activity;sid:81285953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422852)"; flow:established,from_client; content:"GET"; http_method; content:"/craigsmagicsquare/scan/3nxkgb9/"; http_uri; depth:32; isdataat:!1,relative; content:"paulscomputing.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422852/; classtype:trojan-activity;sid:81285952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422851)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ebjoab798vnm/k37wzxz8lsw4/"; http_uri; depth:36; isdataat:!1,relative; content:"paws4walking.co.uk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422851/; classtype:trojan-activity;sid:81285951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422850)"; flow:established,from_client; content:"GET"; http_method; content:"/images/file/"; http_uri; depth:13; isdataat:!1,relative; content:"www.peil.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422850/; classtype:trojan-activity;sid:81285950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422849)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/attachments/"; http_uri; depth:22; isdataat:!1,relative; content:"pescataminuta.es"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422849/; classtype:trojan-activity;sid:81285949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422848)"; flow:established,from_client; content:"GET"; http_method; content:"/2014.old.site/paclm/l2mtf21om/"; http_uri; depth:31; isdataat:!1,relative; content:"petercollie.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422848/; classtype:trojan-activity;sid:81285948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422847)"; flow:established,from_client; content:"GET"; http_method; content:"/templates_c/sites/"; http_uri; depth:19; isdataat:!1,relative; content:"piotrowskimusic.pl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422847/; classtype:trojan-activity;sid:81285947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422846)"; flow:established,from_client; content:"GET"; http_method; content:"/julho/28julhofdp.jpg"; http_uri; depth:21; isdataat:!1,relative; content:"redefarmapacheco.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422846/; classtype:trojan-activity;sid:81285946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422845)"; flow:established,from_client; content:"GET"; http_method; content:"/document/b19tql74831571235020ofjv32w6m4o2ek6/"; http_uri; depth:46; isdataat:!1,relative; content:"pixelrock.com.au"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422845/; classtype:trojan-activity;sid:81285945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422844)"; flow:established,from_client; content:"GET"; http_method; content:"/promocao/overview/viwm39066300mcpdlsrggbk7wwyf/"; http_uri; depth:48; isdataat:!1,relative; content:"planartgrafica.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422844/; classtype:trojan-activity;sid:81285944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422843)"; flow:established,from_client; content:"GET"; http_method; content:"/nationalparks/lm/rc5rhu6tsxf/r628cy022398837392573brho5bgtg7zlfqy/"; http_uri; depth:67; isdataat:!1,relative; content:"www.plitvicer-seen.de"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422843/; classtype:trojan-activity;sid:81285943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422842)"; flow:established,from_client; content:"GET"; http_method; content:"/opencart/document/4ssoq8jk/riatmyb6060635808153fsa133pw62h91vhs5ia76/"; http_uri; depth:70; isdataat:!1,relative; content:"pinksheep.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422842/; classtype:trojan-activity;sid:81285942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422841)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/woocommerce-memberships/document/"; http_uri; depth:53; isdataat:!1,relative; content:"primaltalk.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422841/; classtype:trojan-activity;sid:81285941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422840)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6515253933/4jzqy5/"; http_uri; depth:30; isdataat:!1,relative; content:"pstanford.co.uk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422840/; classtype:trojan-activity;sid:81285940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422839)"; flow:established,from_client; content:"GET"; http_method; content:"/kb28543/api/update/sp0728"; http_uri; depth:26; isdataat:!1,relative; content:"apifile.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422839/; classtype:trojan-activity;sid:81285939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422838)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/l7639249330751wnfhmi6go4prse5/"; http_uri; depth:39; isdataat:!1,relative; content:"psyberhawk.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422838/; classtype:trojan-activity;sid:81285938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422837)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/t5uujywz88/"; http_uri; depth:21; isdataat:!1,relative; content:"kappetijn.eu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422837/; classtype:trojan-activity;sid:81285937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422836)"; flow:established,from_client; content:"GET"; http_method; content:"/pz/ybu2chs1980/"; http_uri; depth:16; isdataat:!1,relative; content:"taolodge.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422836/; classtype:trojan-activity;sid:81285936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422835)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/hnpury/"; http_uri; depth:13; isdataat:!1,relative; content:"smashingcake.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422835/; classtype:trojan-activity;sid:81285935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422834)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/osha/"; http_uri; depth:15; isdataat:!1,relative; content:"suhailacademy.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422834/; classtype:trojan-activity;sid:81285934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422833)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/stzfogzh/"; http_uri; depth:16; isdataat:!1,relative; content:"geted.de"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422833/; classtype:trojan-activity;sid:81285933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422832)"; flow:established,from_client; content:"GET"; http_method; content:"/b9kxs4x8n6272826/"; http_uri; depth:18; isdataat:!1,relative; content:"moshauer.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422832/; classtype:trojan-activity;sid:81285932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422831)"; flow:established,from_client; content:"GET"; http_method; content:"/logs/470137372392388/ll5cxmt/gid884083030918ay8wzki9dccy73hruk/"; http_uri; depth:64; isdataat:!1,relative; content:"www.purpleline.co.uk"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422831/; classtype:trojan-activity;sid:81285931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422830)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/1yckwmitlch/9bl9279072889996387hvxq7oaln3/"; http_uri; depth:51; isdataat:!1,relative; content:"quasi-monkey.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422830/; classtype:trojan-activity;sid:81285930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422829)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=nudc11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jifu8av.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422829/; classtype:trojan-activity;sid:81285929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422828)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/parts_service/17x243067747506291ho34bbk799dzm/"; http_uri; depth:59; isdataat:!1,relative; content:"ptsroadhouse.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422828/; classtype:trojan-activity;sid:81285928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422827)"; flow:established,from_client; content:"GET"; http_method; content:"/puretel_files/scan/11qe635159924cw523oq434b6wflp/"; http_uri; depth:50; isdataat:!1,relative; content:"puretel.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422827/; classtype:trojan-activity;sid:81285927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422826)"; flow:established,from_client; content:"GET"; http_method; content:"/profiles/etrac/g2c5epssd/w7wm4151382315jw7xpcnlbhfs9/"; http_uri; depth:54; isdataat:!1,relative; content:"publicas.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422826/; classtype:trojan-activity;sid:81285926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422825)"; flow:established,from_client; content:"GET"; http_method; content:"/_notes/overview/v79al94150498322558472p21yx9bnrx/"; http_uri; depth:50; isdataat:!1,relative; content:"pvcprinting.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422825/; classtype:trojan-activity;sid:81285925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422824)"; flow:established,from_client; content:"GET"; http_method; content:"/old/docs/mkntvi/"; http_uri; depth:17; isdataat:!1,relative; content:"rc-models.gr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422824/; classtype:trojan-activity;sid:81285924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422823)"; flow:established,from_client; content:"GET"; http_method; content:"/jerseycarservice/sites/uo66jp0kve/"; http_uri; depth:35; isdataat:!1,relative; content:"quantusmarketing.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422823/; classtype:trojan-activity;sid:81285923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422822)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm6"; http_uri; depth:36; isdataat:!1,relative; content:"methamk.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422822/; classtype:trojan-activity;sid:81285922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422821)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.x86"; http_uri; depth:35; isdataat:!1,relative; content:"methamk.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422821/; classtype:trojan-activity;sid:81285921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422820)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mpsl"; http_uri; depth:36; isdataat:!1,relative; content:"methamk.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422820/; classtype:trojan-activity;sid:81285920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422819)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mips"; http_uri; depth:36; isdataat:!1,relative; content:"amkmeth.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422819/; classtype:trojan-activity;sid:81285919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422818)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm5"; http_uri; depth:36; isdataat:!1,relative; content:"amkmeth.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422818/; classtype:trojan-activity;sid:81285918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422817)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm"; http_uri; depth:35; isdataat:!1,relative; content:"amkmeth.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422817/; classtype:trojan-activity;sid:81285917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422816)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/"; http_uri; depth:18; isdataat:!1,relative; content:"rastarespect.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422816/; classtype:trojan-activity;sid:81285916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.104.98.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422815/; classtype:trojan-activity;sid:81285915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.38.26.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422814/; classtype:trojan-activity;sid:81285914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.11.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422813/; classtype:trojan-activity;sid:81285913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.196.132.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422812/; classtype:trojan-activity;sid:81285912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.187.29.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422811/; classtype:trojan-activity;sid:81285911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422810/; classtype:trojan-activity;sid:81285910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422809/; classtype:trojan-activity;sid:81285909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.9.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422808/; classtype:trojan-activity;sid:81285908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.17.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422807/; classtype:trojan-activity;sid:81285907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422806/; classtype:trojan-activity;sid:81285906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.91.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422805/; classtype:trojan-activity;sid:81285905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.241.170.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422804/; classtype:trojan-activity;sid:81285904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422803)"; flow:established,from_client; content:"GET"; http_method; content:"/plsc_stats/browse/syljr0l9/"; http_uri; depth:28; isdataat:!1,relative; content:"remde.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422803/; classtype:trojan-activity;sid:81285903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422802)"; flow:established,from_client; content:"GET"; http_method; content:"/rendering2/statement/6s60gdn/b2nx66697188dqp4cssbdc/"; http_uri; depth:53; isdataat:!1,relative; content:"remotefacilities.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422802/; classtype:trojan-activity;sid:81285902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422801)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/browse/"; http_uri; depth:16; isdataat:!1,relative; content:"renatoparente.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422801/; classtype:trojan-activity;sid:81285901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422800)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/j655514886ntoclsdrw1p5ykw/"; http_uri; depth:45; isdataat:!1,relative; content:"renatocoto.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422800/; classtype:trojan-activity;sid:81285900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422799)"; flow:established,from_client; content:"GET"; http_method; content:"/awzgld/2e3z59oepo/"; http_uri; depth:19; isdataat:!1,relative; content:"riosan.nl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422799/; classtype:trojan-activity;sid:81285899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422798)"; flow:established,from_client; content:"GET"; http_method; content:"/bootstrap/llc/"; http_uri; depth:15; isdataat:!1,relative; content:"reperf.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422798/; classtype:trojan-activity;sid:81285898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"75.65.178.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422797/; classtype:trojan-activity;sid:81285897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422796)"; flow:established,from_client; content:"GET"; http_method; content:"/ww4w/overview/z64ma3klcke5/"; http_uri; depth:28; isdataat:!1,relative; content:"renowden.id.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422796/; classtype:trojan-activity;sid:81285896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422795)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/overview/biy8jmorki/us3l81016690066kiv8s55y43gl/"; http_uri; depth:57; isdataat:!1,relative; content:"web-extend.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422795/; classtype:trojan-activity;sid:81285895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422794)"; flow:established,from_client; content:"GET"; http_method; content:"/orlovi/document/"; http_uri; depth:17; isdataat:!1,relative; content:"www.bap-host.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422794/; classtype:trojan-activity;sid:81285894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422793)"; flow:established,from_client; content:"GET"; http_method; content:"/shb/klochjt/"; http_uri; depth:13; isdataat:!1,relative; content:"mc130.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422793/; classtype:trojan-activity;sid:81285893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422792)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/rk/"; http_uri; depth:10; isdataat:!1,relative; content:"mc-interiorismo.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422792/; classtype:trojan-activity;sid:81285892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422791)"; flow:established,from_client; content:"GET"; http_method; content:"/assets2/6eep7bwazy/"; http_uri; depth:20; isdataat:!1,relative; content:"vipmein.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422791/; classtype:trojan-activity;sid:81285891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422790)"; flow:established,from_client; content:"GET"; http_method; content:"/large/rem220541/"; http_uri; depth:17; isdataat:!1,relative; content:"mellysphotography.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422790/; classtype:trojan-activity;sid:81285890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422789)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/p6n365/"; http_uri; depth:16; isdataat:!1,relative; content:"mentarimedia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422789/; classtype:trojan-activity;sid:81285889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422788)"; flow:established,from_client; content:"GET"; http_method; content:"/styles/public/esoyhdg5028463662346ldy2kxxfbuy2ud/"; http_uri; depth:50; isdataat:!1,relative; content:"risosystems.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422788/; classtype:trojan-activity;sid:81285888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422787)"; flow:established,from_client; content:"GET"; http_method; content:"/socks111.exe"; http_uri; depth:13; isdataat:!1,relative; content:"fgksdstat14tp.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422787/; classtype:trojan-activity;sid:81285887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422786)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/"; http_uri; depth:21; isdataat:!1,relative; content:"cperformancegroup.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422786/; classtype:trojan-activity;sid:81285886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422785)"; flow:established,from_client; content:"GET"; http_method; content:"/es/parts_service/zh1aunwb7r/"; http_uri; depth:29; isdataat:!1,relative; content:"www.marilenalacasella.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422785/; classtype:trojan-activity;sid:81285885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422784)"; flow:established,from_client; content:"GET"; http_method; content:"/jj/document/954fn1/l3299l7887762526239wseez5y78wdsth6v6kqrg/"; http_uri; depth:61; isdataat:!1,relative; content:"comunicacaovertical.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422784/; classtype:trojan-activity;sid:81285884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422783)"; flow:established,from_client; content:"GET"; http_method; content:"/images/lm/"; http_uri; depth:11; isdataat:!1,relative; content:"rrphotos.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422783/; classtype:trojan-activity;sid:81285883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422782)"; flow:established,from_client; content:"GET"; http_method; content:"/pjhjuc.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"a.uguu.se"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422782/; classtype:trojan-activity;sid:81285882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422781)"; flow:established,from_client; content:"GET"; http_method; content:"/music/isef_vmr_p/"; http_uri; depth:18; isdataat:!1,relative; content:"rollingturtle.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422781/; classtype:trojan-activity;sid:81285881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422780)"; flow:established,from_client; content:"GET"; http_method; content:"/fcm-dl/94_xeb_m7rfe9yj/"; http_uri; depth:24; isdataat:!1,relative; content:"ronnietucker.co.uk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422780/; classtype:trojan-activity;sid:81285880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422779)"; flow:established,from_client; content:"GET"; http_method; content:"/photogallery/7_26kr_ngbv3sha/"; http_uri; depth:30; isdataat:!1,relative; content:"ronsonpainting.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422779/; classtype:trojan-activity;sid:81285879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422778)"; flow:established,from_client; content:"GET"; http_method; content:"/images/ze1_r8_3jdpf63/"; http_uri; depth:23; isdataat:!1,relative; content:"rivcon.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422778/; classtype:trojan-activity;sid:81285878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422777)"; flow:established,from_client; content:"GET"; http_method; content:"/rikotut4/vka_spx_tlz/"; http_uri; depth:22; isdataat:!1,relative; content:"rikotut.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422777/; classtype:trojan-activity;sid:81285877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422776)"; flow:established,from_client; content:"GET"; http_method; content:"/twitterapi/w1r1537638795299vaut5zw4v/"; http_uri; depth:38; isdataat:!1,relative; content:"grupoleferas.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422776/; classtype:trojan-activity;sid:81285876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422775)"; flow:established,from_client; content:"GET"; http_method; content:"/css/y35yu2/j0t17991379438ny1ndfquvf7o9se4scil9z/"; http_uri; depth:49; isdataat:!1,relative; content:"overcreative.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422775/; classtype:trojan-activity;sid:81285875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422774)"; flow:established,from_client; content:"GET"; http_method; content:"/calender/lm/"; http_uri; depth:13; isdataat:!1,relative; content:"www.ripping.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422774/; classtype:trojan-activity;sid:81285874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422773)"; flow:established,from_client; content:"GET"; http_method; content:"/rs-construction/swift/"; http_uri; depth:23; isdataat:!1,relative; content:"rsconsultants.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422773/; classtype:trojan-activity;sid:81285873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422772)"; flow:established,from_client; content:"GET"; http_method; content:"/library/payment/"; http_uri; depth:17; isdataat:!1,relative; content:"dishnchips.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422772/; classtype:trojan-activity;sid:81285872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422771)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/8rvb8b9f7yvo/cn306675122725l0pkp180kyrsntc3cc/"; http_uri; depth:72; isdataat:!1,relative; content:"www.duhallow.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422771/; classtype:trojan-activity;sid:81285871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422770)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm5"; http_uri; depth:28; isdataat:!1,relative; content:"185.172.110.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422770/; classtype:trojan-activity;sid:81285870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422769)"; flow:established,from_client; content:"GET"; http_method; content:"/images/inc/bni9zz26988914488m5h5oi2w7i1vfaqa8/"; http_uri; depth:47; isdataat:!1,relative; content:"cliftonsecurities.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422769/; classtype:trojan-activity;sid:81285869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422768)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inc/"; http_uri; depth:14; isdataat:!1,relative; content:"excelsiorlawpllc.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422768/; classtype:trojan-activity;sid:81285868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422767)"; flow:established,from_client; content:"GET"; http_method; content:"/look/hoga.exe"; http_uri; depth:14; isdataat:!1,relative; content:"www.sol-u-ink.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422767/; classtype:trojan-activity;sid:81285867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422766)"; flow:established,from_client; content:"GET"; http_method; content:"/kurban/reporting/aghqdbbo/"; http_uri; depth:27; isdataat:!1,relative; content:"demonesia.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422766/; classtype:trojan-activity;sid:81285866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422765)"; flow:established,from_client; content:"GET"; http_method; content:"/dtdcrm/overview/6s2001073687601cm9ros2ot0co32gih/"; http_uri; depth:50; isdataat:!1,relative; content:"www.dot2dot.com.my"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422765/; classtype:trojan-activity;sid:81285865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422764)"; flow:established,from_client; content:"GET"; http_method; content:"/rc.exe"; http_uri; depth:7; isdataat:!1,relative; content:"mantis.co.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422764/; classtype:trojan-activity;sid:81285864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422763)"; flow:established,from_client; content:"GET"; http_method; content:"/ac.exe"; http_uri; depth:7; isdataat:!1,relative; content:"michaeldiamantis.ug"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422763/; classtype:trojan-activity;sid:81285863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422762)"; flow:established,from_client; content:"GET"; http_method; content:"/ac.exe"; http_uri; depth:7; isdataat:!1,relative; content:"mantis.co.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422762/; classtype:trojan-activity;sid:81285862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422761)"; flow:established,from_client; content:"GET"; http_method; content:"/rc.exe"; http_uri; depth:7; isdataat:!1,relative; content:"michaeldiamantis.ug"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422761/; classtype:trojan-activity;sid:81285861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422760)"; flow:established,from_client; content:"GET"; http_method; content:"/ds1.exe"; http_uri; depth:8; isdataat:!1,relative; content:"mantis.co.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422760/; classtype:trojan-activity;sid:81285860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422759)"; flow:established,from_client; content:"GET"; http_method; content:"/ds2.exe"; http_uri; depth:8; isdataat:!1,relative; content:"michaeldiamantis.ug"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422759/; classtype:trojan-activity;sid:81285859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422758)"; flow:established,from_client; content:"GET"; http_method; content:"/ds2.exe"; http_uri; depth:8; isdataat:!1,relative; content:"mantis.co.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422758/; classtype:trojan-activity;sid:81285858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422757)"; flow:established,from_client; content:"GET"; http_method; content:"/ds1.exe"; http_uri; depth:8; isdataat:!1,relative; content:"michaeldiamantis.ug"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422757/; classtype:trojan-activity;sid:81285857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422756)"; flow:established,from_client; content:"GET"; http_method; content:"/img/browse/rj1sk7084rwr/"; http_uri; depth:25; isdataat:!1,relative; content:"flamesofrichmond.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422756/; classtype:trojan-activity;sid:81285856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422755)"; flow:established,from_client; content:"GET"; http_method; content:"/qkuriw.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"a.uguu.se"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422755/; classtype:trojan-activity;sid:81285855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422754)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/documentation/"; http_uri; depth:23; isdataat:!1,relative; content:"grieta.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422754/; classtype:trojan-activity;sid:81285854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422753)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/doc/r6dmnn/"; http_uri; depth:18; isdataat:!1,relative; content:"hapaistanbul.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422753/; classtype:trojan-activity;sid:81285853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422752)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/g9jtpj2cj/xu741027834250354duwr7tsowmv/"; http_uri; depth:49; isdataat:!1,relative; content:"itcnt.com.np"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422752/; classtype:trojan-activity;sid:81285852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422751)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/"; http_uri; depth:18; isdataat:!1,relative; content:"mossfs.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422751/; classtype:trojan-activity;sid:81285851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422750)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/6j5xv6nndpaumm/"; http_uri; depth:28; isdataat:!1,relative; content:"robotics.kinex11.info"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422750/; classtype:trojan-activity;sid:81285850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422749)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/statement/nwqb2p0yac5/"; http_uri; depth:34; isdataat:!1,relative; content:"suinfotech.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422749/; classtype:trojan-activity;sid:81285849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422748)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/docs/fclo60qly/"; http_uri; depth:24; isdataat:!1,relative; content:"thesterlinggroup.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422748/; classtype:trojan-activity;sid:81285848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422747)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/statement/nd0baai4n/"; http_uri; depth:29; isdataat:!1,relative; content:"diecieventi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422747/; classtype:trojan-activity;sid:81285847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422746)"; flow:established,from_client; content:"GET"; http_method; content:"/ar/document/9mbrb4/"; http_uri; depth:20; isdataat:!1,relative; content:"genek.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422746/; classtype:trojan-activity;sid:81285846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422745)"; flow:established,from_client; content:"GET"; http_method; content:"/var/tmp/xfers/llc/mwi0aij5eq/ntzaum7034341767582kab0pb720is5vw6/"; http_uri; depth:65; isdataat:!1,relative; content:"michaelphilip.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422745/; classtype:trojan-activity;sid:81285845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422744)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; content:"triathlethe.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422744/; classtype:trojan-activity;sid:81285844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422743)"; flow:established,from_client; content:"GET"; http_method; content:"/js/cv5f543314293u6jcehgyxd60a2b2ey/"; http_uri; depth:36; isdataat:!1,relative; content:"www.netcorp.ec"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422743/; classtype:trojan-activity;sid:81285843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422742)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ftilyhy4be/"; http_uri; depth:21; isdataat:!1,relative; content:"www.nsds.hr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422742/; classtype:trojan-activity;sid:81285842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422741)"; flow:established,from_client; content:"GET"; http_method; content:"/wotsuper1.exe"; http_uri; depth:14; isdataat:!1,relative; content:"45.139.236.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422741/; classtype:trojan-activity;sid:81285841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422740)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf.exe"; http_uri; depth:9; isdataat:!1,relative; content:"marckapiksa.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422740/; classtype:trojan-activity;sid:81285840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422739)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcv.exe"; http_uri; depth:9; isdataat:!1,relative; content:"nvbcdfsvxcs.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422739/; classtype:trojan-activity;sid:81285839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422738)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; content:"bnixons.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422738/; classtype:trojan-activity;sid:81285838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/scan/d2fee72s4uj4/rulnz8012397873v4syarwupru8y6/"; http_uri; depth:53; isdataat:!1,relative; content:"www.rhinoplas.co.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422737/; classtype:trojan-activity;sid:81285837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422736)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; content:"jamshed.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422736/; classtype:trojan-activity;sid:81285836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422735)"; flow:established,from_client; content:"GET"; http_method; content:"/javascript/sites/1xxs57h/"; http_uri; depth:26; isdataat:!1,relative; content:"www.chairsdirect.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422735/; classtype:trojan-activity;sid:81285835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422734)"; flow:established,from_client; content:"GET"; http_method; content:"/configs.exe"; http_uri; depth:12; isdataat:!1,relative; content:"granitnaveka.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422734/; classtype:trojan-activity;sid:81285834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422733)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/8vodzpkkpvcy/"; http_uri; depth:31; isdataat:!1,relative; content:"www.myhms.id"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422733/; classtype:trojan-activity;sid:81285833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422732)"; flow:established,from_client; content:"GET"; http_method; content:"/socks777.exe"; http_uri; depth:13; isdataat:!1,relative; content:"fgkstarserver17km.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422732/; classtype:trojan-activity;sid:81285832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422731)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; content:"zaragoza.co.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422731/; classtype:trojan-activity;sid:81285831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422730)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; content:"www.tribunal.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422730/; classtype:trojan-activity;sid:81285830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422729)"; flow:established,from_client; content:"GET"; http_method; content:"/help/doc/7393q5f428136727138324157ojfyiyz6z91fgyg/"; http_uri; depth:51; isdataat:!1,relative; content:"ditec.com.my"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422729/; classtype:trojan-activity;sid:81285829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422728)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; content:"vcxxzazxc.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422728/; classtype:trojan-activity;sid:81285828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422727)"; flow:established,from_client; content:"GET"; http_method; content:"/stableisbest/savanne.mpsl"; http_uri; depth:26; isdataat:!1,relative; content:"37.49.224.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422727/; classtype:trojan-activity;sid:81285827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422726)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfg.exe"; http_uri; depth:10; isdataat:!1,relative; content:"marckapiksa.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422726/; classtype:trojan-activity;sid:81285826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422725)"; flow:established,from_client; content:"GET"; http_method; content:"/pki/wfrao12794293821212zh05fkmil80dvc3rpi0oe9/"; http_uri; depth:47; isdataat:!1,relative; content:"p2ptrust.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422725/; classtype:trojan-activity;sid:81285825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422724)"; flow:established,from_client; content:"GET"; http_method; content:"/ftiloe/khfopl.exe"; http_uri; depth:18; isdataat:!1,relative; content:"irregnancised.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422724/; classtype:trojan-activity;sid:81285824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422723)"; flow:established,from_client; content:"GET"; http_method; content:"/stableisbest/savanne.mips"; http_uri; depth:26; isdataat:!1,relative; content:"37.49.224.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422723/; classtype:trojan-activity;sid:81285823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422722)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts_index/report/"; http_uri; depth:22; isdataat:!1,relative; content:"djhavoc.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422722/; classtype:trojan-activity;sid:81285822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422721)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; content:"nvbcdfsvxcs.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422721/; classtype:trojan-activity;sid:81285821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/parts_service/t9d396752785418j6i539l17r2w8i/"; http_uri; depth:49; isdataat:!1,relative; content:"www.doubledog.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422720/; classtype:trojan-activity;sid:81285820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422719)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoul.sh"; http_uri; depth:9; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422719/; classtype:trojan-activity;sid:81285819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422718)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422718/; classtype:trojan-activity;sid:81285818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422717)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422717/; classtype:trojan-activity;sid:81285817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422716)"; flow:established,from_client; content:"GET"; http_method; content:"/images/sites/jfieg7t6j/"; http_uri; depth:24; isdataat:!1,relative; content:"ebcsb.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422716/; classtype:trojan-activity;sid:81285816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422715)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"94.100.28.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422715/; classtype:trojan-activity;sid:81285815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/attachments/"; http_uri; depth:17; isdataat:!1,relative; content:"eclosion.jp"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422714/; classtype:trojan-activity;sid:81285814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422713)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422713/; classtype:trojan-activity;sid:81285813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422712)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422712/; classtype:trojan-activity;sid:81285812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422711)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422711/; classtype:trojan-activity;sid:81285811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422710)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/xreq7nicgn/"; http_uri; depth:17; isdataat:!1,relative; content:"eatspam.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422710/; classtype:trojan-activity;sid:81285810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422709)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422709/; classtype:trojan-activity;sid:81285809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422708)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422708/; classtype:trojan-activity;sid:81285808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422707)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422707/; classtype:trojan-activity;sid:81285807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422706)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422706/; classtype:trojan-activity;sid:81285806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422705)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422705/; classtype:trojan-activity;sid:81285805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422704)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422704/; classtype:trojan-activity;sid:81285804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422703)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422703/; classtype:trojan-activity;sid:81285803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422702)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422702/; classtype:trojan-activity;sid:81285802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422701)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422701/; classtype:trojan-activity;sid:81285801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422700)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422700/; classtype:trojan-activity;sid:81285800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422699)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422699/; classtype:trojan-activity;sid:81285799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422698)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422698/; classtype:trojan-activity;sid:81285798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422697)"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/swift/9jcfys9uqu/"; http_uri; depth:32; isdataat:!1,relative; content:"eno.si"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422697/; classtype:trojan-activity;sid:81285797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.205.66.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422696/; classtype:trojan-activity;sid:81285796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422695/; classtype:trojan-activity;sid:81285795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422694/; classtype:trojan-activity;sid:81285794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.104.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422693/; classtype:trojan-activity;sid:81285793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.17.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422692/; classtype:trojan-activity;sid:81285792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.66.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422691/; classtype:trojan-activity;sid:81285791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422690/; classtype:trojan-activity;sid:81285790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.123.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422689/; classtype:trojan-activity;sid:81285789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.163.198.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422688/; classtype:trojan-activity;sid:81285788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422687)"; flow:established,from_client; content:"GET"; http_method; content:"/kraamcare/documentation/"; http_uri; depth:25; isdataat:!1,relative; content:"fam-honing.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422687/; classtype:trojan-activity;sid:81285787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422686)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422686/; classtype:trojan-activity;sid:81285786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422685)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.i586"; http_uri; depth:17; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422685/; classtype:trojan-activity;sid:81285785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422684)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422684/; classtype:trojan-activity;sid:81285784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422683)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422683/; classtype:trojan-activity;sid:81285783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422682)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422682/; classtype:trojan-activity;sid:81285782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422681)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422681/; classtype:trojan-activity;sid:81285781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422680)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.mips"; http_uri; depth:26; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422680/; classtype:trojan-activity;sid:81285780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422679)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.sh4"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422679/; classtype:trojan-activity;sid:81285779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422678)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.m68k"; http_uri; depth:26; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422678/; classtype:trojan-activity;sid:81285778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422677)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.mpsl"; http_uri; depth:26; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422677/; classtype:trojan-activity;sid:81285777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422676)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.ppc"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422676/; classtype:trojan-activity;sid:81285776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422675)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.x86"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422675/; classtype:trojan-activity;sid:81285775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422674)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm7"; http_uri; depth:26; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422674/; classtype:trojan-activity;sid:81285774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422673)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm6"; http_uri; depth:26; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422673/; classtype:trojan-activity;sid:81285773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422672)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm5"; http_uri; depth:26; isdataat:!1,relative; content:"104.140.114.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422672/; classtype:trojan-activity;sid:81285772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422671)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422671/; classtype:trojan-activity;sid:81285771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422670)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422670/; classtype:trojan-activity;sid:81285770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422669)"; flow:established,from_client; content:"GET"; http_method; content:"/images/lsbgf5d22a2l/mbe9wos/"; http_uri; depth:29; isdataat:!1,relative; content:"comars.sk"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422669/; classtype:trojan-activity;sid:81285769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422668)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422668/; classtype:trojan-activity;sid:81285768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422667)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422667/; classtype:trojan-activity;sid:81285767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422666)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422666/; classtype:trojan-activity;sid:81285766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422665)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422665/; classtype:trojan-activity;sid:81285765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422664)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422664/; classtype:trojan-activity;sid:81285764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422663)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.x86"; http_uri; depth:16; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422663/; classtype:trojan-activity;sid:81285763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422662)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.x32"; http_uri; depth:16; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422662/; classtype:trojan-activity;sid:81285762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422661)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.mips"; http_uri; depth:17; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422661/; classtype:trojan-activity;sid:81285761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422660)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422660/; classtype:trojan-activity;sid:81285760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422659)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422659/; classtype:trojan-activity;sid:81285759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422658)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422658/; classtype:trojan-activity;sid:81285758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422657)"; flow:established,from_client; content:"GET"; http_method; content:"/js/browse/m9xx241m4hma/"; http_uri; depth:24; isdataat:!1,relative; content:"evaddesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422657/; classtype:trojan-activity;sid:81285757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422656)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"45.145.185.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422656/; classtype:trojan-activity;sid:81285756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422655)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"45.145.185.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422655/; classtype:trojan-activity;sid:81285755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422654)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"45.145.185.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422654/; classtype:trojan-activity;sid:81285754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422653)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"45.145.185.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422653/; classtype:trojan-activity;sid:81285753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422652)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"45.145.185.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422652/; classtype:trojan-activity;sid:81285752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422651)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"45.145.185.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422651/; classtype:trojan-activity;sid:81285751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"123.110.182.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422650/; classtype:trojan-activity;sid:81285750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422649)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.ppc"; http_uri; depth:54; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422649/; classtype:trojan-activity;sid:81285749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422648)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.spc"; http_uri; depth:54; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422648/; classtype:trojan-activity;sid:81285748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422647)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.sh4"; http_uri; depth:54; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422647/; classtype:trojan-activity;sid:81285747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422646)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.mpsl"; http_uri; depth:55; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422646/; classtype:trojan-activity;sid:81285746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422645)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.mips"; http_uri; depth:55; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422645/; classtype:trojan-activity;sid:81285745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422644)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.m68k"; http_uri; depth:55; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422644/; classtype:trojan-activity;sid:81285744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422643)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.arm7"; http_uri; depth:55; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422643/; classtype:trojan-activity;sid:81285743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422642)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.arm6"; http_uri; depth:55; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422642/; classtype:trojan-activity;sid:81285742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422641)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.arm5"; http_uri; depth:55; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422641/; classtype:trojan-activity;sid:81285741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422640)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422640/; classtype:trojan-activity;sid:81285740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422639)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422639/; classtype:trojan-activity;sid:81285739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422638)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422638/; classtype:trojan-activity;sid:81285738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422637)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422637/; classtype:trojan-activity;sid:81285737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422636)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422636/; classtype:trojan-activity;sid:81285736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422635)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422635/; classtype:trojan-activity;sid:81285735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422634)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422634/; classtype:trojan-activity;sid:81285734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422633)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422633/; classtype:trojan-activity;sid:81285733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422632)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422632/; classtype:trojan-activity;sid:81285732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422631)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422631/; classtype:trojan-activity;sid:81285731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422630)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422630/; classtype:trojan-activity;sid:81285730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422629)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422629/; classtype:trojan-activity;sid:81285729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422628)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.spc"; http_uri; depth:18; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422628/; classtype:trojan-activity;sid:81285728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422627)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422627/; classtype:trojan-activity;sid:81285727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422626)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422626/; classtype:trojan-activity;sid:81285726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422625)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.mips"; http_uri; depth:19; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422625/; classtype:trojan-activity;sid:81285725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422624)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422624/; classtype:trojan-activity;sid:81285724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422623)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422623/; classtype:trojan-activity;sid:81285723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422622)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422622/; classtype:trojan-activity;sid:81285722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422621)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422621/; classtype:trojan-activity;sid:81285721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422620)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.arm"; http_uri; depth:18; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422620/; classtype:trojan-activity;sid:81285720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422619)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.ppc"; http_uri; depth:35; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422619/; classtype:trojan-activity;sid:81285719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422618)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.spc"; http_uri; depth:35; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422618/; classtype:trojan-activity;sid:81285718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422617)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.sh4"; http_uri; depth:35; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422617/; classtype:trojan-activity;sid:81285717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422616)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mpsl"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422616/; classtype:trojan-activity;sid:81285716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422615)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mips"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422615/; classtype:trojan-activity;sid:81285715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422614)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.m68k"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422614/; classtype:trojan-activity;sid:81285714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422613)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm7"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422613/; classtype:trojan-activity;sid:81285713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422612)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm6"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422612/; classtype:trojan-activity;sid:81285712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422611)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm5"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422611/; classtype:trojan-activity;sid:81285711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422610)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm"; http_uri; depth:35; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422610/; classtype:trojan-activity;sid:81285710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422609)"; flow:established,from_client; content:"GET"; http_method; content:"/drop/lm/"; http_uri; depth:9; isdataat:!1,relative; content:"hinessite.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422609/; classtype:trojan-activity;sid:81285709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422608)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.x86"; http_uri; depth:35; isdataat:!1,relative; content:"45.95.168.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422608/; classtype:trojan-activity;sid:81285708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422607)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"45.149.79.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422607/; classtype:trojan-activity;sid:81285707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422606)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.x86"; http_uri; depth:35; isdataat:!1,relative; content:"37.49.230.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422606/; classtype:trojan-activity;sid:81285706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422605)"; flow:established,from_client; content:"GET"; http_method; content:"/uih7u8jy7of7y8o9d6t68it67r8y76t7823tg8weuq/pwnnet.x86"; http_uri; depth:54; isdataat:!1,relative; content:"193.228.91.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422605/; classtype:trojan-activity;sid:81285705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422604)"; flow:established,from_client; content:"GET"; http_method; content:"/qpasyu/ipvlye.x86"; http_uri; depth:18; isdataat:!1,relative; content:"85.204.246.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422604/; classtype:trojan-activity;sid:81285704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422603)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.x86"; http_uri; depth:27; isdataat:!1,relative; content:"134.209.31.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422603/; classtype:trojan-activity;sid:81285703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422602)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"45.145.185.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422602/; classtype:trojan-activity;sid:81285702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422601)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/1277192/"; http_uri; depth:20; isdataat:!1,relative; content:"www.maasen.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422601/; classtype:trojan-activity;sid:81285701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422600)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.arm4"; http_uri; depth:17; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422600/; classtype:trojan-activity;sid:81285700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422599)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422599/; classtype:trojan-activity;sid:81285699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422598)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422598/; classtype:trojan-activity;sid:81285698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422597)"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422597/; classtype:trojan-activity;sid:81285697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422596)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422596/; classtype:trojan-activity;sid:81285696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422595)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422595/; classtype:trojan-activity;sid:81285695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422594)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422594/; classtype:trojan-activity;sid:81285694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422593)"; flow:established,from_client; content:"GET"; http_method; content:"/css/report/dc2imts/"; http_uri; depth:20; isdataat:!1,relative; content:"mainmeetingsraalte.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422593/; classtype:trojan-activity;sid:81285693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"151.52.252.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422592/; classtype:trojan-activity;sid:81285692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422591)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/documentation/"; http_uri; depth:23; isdataat:!1,relative; content:"manvandestad.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422591/; classtype:trojan-activity;sid:81285691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422590)"; flow:established,from_client; content:"GET"; http_method; content:"/es/parts_service/zh1aunwb7r/"; http_uri; depth:29; isdataat:!1,relative; content:"www.marilenalacasella.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422590/; classtype:trojan-activity;sid:81285690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422589)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/"; http_uri; depth:5; isdataat:!1,relative; content:"markelliotson.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422589/; classtype:trojan-activity;sid:81285689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422588)"; flow:established,from_client; content:"GET"; http_method; content:"/tgwqjo.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"a.uguu.se"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422588/; classtype:trojan-activity;sid:81285688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422587)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.116.205.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422587/; classtype:trojan-activity;sid:81285687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422586)"; flow:established,from_client; content:"GET"; http_method; content:"/photos/jh40783/"; http_uri; depth:16; isdataat:!1,relative; content:"irvingstudios.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422586/; classtype:trojan-activity;sid:81285686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422585)"; flow:established,from_client; content:"GET"; http_method; content:"/data/1ojd882281/"; http_uri; depth:17; isdataat:!1,relative; content:"talkceltic.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422585/; classtype:trojan-activity;sid:81285685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422584)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvvv/w11wkn/"; http_uri; depth:14; isdataat:!1,relative; content:"leannewaller.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422584/; classtype:trojan-activity;sid:81285684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422583)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vbgsiz/"; http_uri; depth:19; isdataat:!1,relative; content:"www.leframe.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422583/; classtype:trojan-activity;sid:81285683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422582)"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/rq24eth6sm/"; http_uri; depth:18; isdataat:!1,relative; content:"kyleriffic.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422582/; classtype:trojan-activity;sid:81285682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422581)"; flow:established,from_client; content:"GET"; http_method; content:"/oke2_ehuszy26.bin"; http_uri; depth:18; isdataat:!1,relative; content:"seedwellresources.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422581/; classtype:trojan-activity;sid:81285681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422580)"; flow:established,from_client; content:"GET"; http_method; content:"/socks111.exe"; http_uri; depth:13; isdataat:!1,relative; content:"fgkmailserv19fd.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422580/; classtype:trojan-activity;sid:81285680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422579)"; flow:established,from_client; content:"GET"; http_method; content:"/faw.sh"; http_uri; depth:7; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422579/; classtype:trojan-activity;sid:81285679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422578)"; flow:established,from_client; content:"GET"; http_method; content:"/virp/order0001.exe"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.110.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422578/; classtype:trojan-activity;sid:81285678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422577)"; flow:established,from_client; content:"GET"; http_method; content:"/test/0b-y6-919/"; http_uri; depth:16; isdataat:!1,relative; content:"skia.com.ph"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422577/; classtype:trojan-activity;sid:81285677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422576)"; flow:established,from_client; content:"GET"; http_method; content:"/host/1pot-cmh-08014/"; http_uri; depth:21; isdataat:!1,relative; content:"duosite.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422576/; classtype:trojan-activity;sid:81285676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422575)"; flow:established,from_client; content:"GET"; http_method; content:"/qdqnbf.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"a.uguu.se"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422575/; classtype:trojan-activity;sid:81285675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422574)"; flow:established,from_client; content:"GET"; http_method; content:"/css/y35yu2/j0t17991379438ny1ndfquvf7o9se4scil9z/"; http_uri; depth:49; isdataat:!1,relative; content:"overcreative.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422574/; classtype:trojan-activity;sid:81285674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422573)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/88f97yk/wr7w2116588808dtalnfbhlepumm8/"; http_uri; depth:53; isdataat:!1,relative; content:"lexusinternational.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422573/; classtype:trojan-activity;sid:81285673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422572)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nf_p0w_z87k/"; http_uri; depth:25; isdataat:!1,relative; content:"mktf.mx"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422572/; classtype:trojan-activity;sid:81285672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422571)"; flow:established,from_client; content:"GET"; http_method; content:"/egherdbaseball/z_xu00_9hbk939elw/"; http_uri; depth:34; isdataat:!1,relative; content:"www.planetkram.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422571/; classtype:trojan-activity;sid:81285671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422570)"; flow:established,from_client; content:"GET"; http_method; content:"/suspend-page/0e_wt5bq_ekn/"; http_uri; depth:27; isdataat:!1,relative; content:"meulocal.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422570/; classtype:trojan-activity;sid:81285670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422569)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qa0_i_qzk/"; http_uri; depth:19; isdataat:!1,relative; content:"maxiquim.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422569/; classtype:trojan-activity;sid:81285669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422568)"; flow:established,from_client; content:"GET"; http_method; content:"/nav/pu_4cz89_3e81ooa90c/"; http_uri; depth:25; isdataat:!1,relative; content:"dragonfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422568/; classtype:trojan-activity;sid:81285668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422567)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/busify/bbb/oyheairrrubnacp.exe"; http_uri; depth:49; isdataat:!1,relative; content:"bozlarenerji.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422567/; classtype:trojan-activity;sid:81285667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422566)"; flow:established,from_client; content:"GET"; http_method; content:"/svncreg.exe"; http_uri; depth:12; isdataat:!1,relative; content:"101.99.90.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422566/; classtype:trojan-activity;sid:81285666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422565)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; content:"136.244.101.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422565/; classtype:trojan-activity;sid:81285665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.199.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422564/; classtype:trojan-activity;sid:81285664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"91.234.60.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422563/; classtype:trojan-activity;sid:81285663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.187.244.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422562/; classtype:trojan-activity;sid:81285662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422561)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"107.206.46.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422561/; classtype:trojan-activity;sid:81285661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.arm"; http_uri; depth:17; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422560/; classtype:trojan-activity;sid:81285660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422559/; classtype:trojan-activity;sid:81285659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422558/; classtype:trojan-activity;sid:81285658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422557/; classtype:trojan-activity;sid:81285657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422556/; classtype:trojan-activity;sid:81285656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422555/; classtype:trojan-activity;sid:81285655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422554/; classtype:trojan-activity;sid:81285654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.mips"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422553/; classtype:trojan-activity;sid:81285653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422552/; classtype:trojan-activity;sid:81285652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422551/; classtype:trojan-activity;sid:81285651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422550/; classtype:trojan-activity;sid:81285650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422549/; classtype:trojan-activity;sid:81285649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.arm"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422548/; classtype:trojan-activity;sid:81285648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.mips"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422547/; classtype:trojan-activity;sid:81285647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422546/; classtype:trojan-activity;sid:81285646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422545/; classtype:trojan-activity;sid:81285645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testing.x86"; http_uri; depth:17; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422544/; classtype:trojan-activity;sid:81285644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onedrive.x86"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422543/; classtype:trojan-activity;sid:81285643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422542)"; flow:established,from_client; content:"GET"; http_method; content:"/file/t4xytmey3ltw9ys/skynet_03082000123.7z/file"; http_uri; depth:48; isdataat:!1,relative; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422542/; classtype:trojan-activity;sid:81285642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422541)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"87.26.131.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422541/; classtype:trojan-activity;sid:81285641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422540)"; flow:established,from_client; content:"GET"; http_method; content:"/doc99281270.exe"; http_uri; depth:16; isdataat:!1,relative; content:"saidagruop.jp"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422540/; classtype:trojan-activity;sid:81285640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422539)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoul.sh"; http_uri; depth:9; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422539/; classtype:trojan-activity;sid:81285639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422538)"; flow:established,from_client; content:"GET"; http_method; content:"/bgc/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"multiplecloudserviceforfileintergrate.duckdns.org"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422538/; classtype:trojan-activity;sid:81285638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422537)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoul.sh"; http_uri; depth:9; isdataat:!1,relative; content:"51.178.218.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422537/; classtype:trojan-activity;sid:81285637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"179.126.42.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422536/; classtype:trojan-activity;sid:81285636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"167.179.68.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422535/; classtype:trojan-activity;sid:81285635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"185.186.77.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422534/; classtype:trojan-activity;sid:81285634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422533)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.102.64.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422533/; classtype:trojan-activity;sid:81285633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422532)"; flow:established,from_client; content:"GET"; http_method; content:"/sensi.sh"; http_uri; depth:9; isdataat:!1,relative; content:"40.115.137.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422532/; classtype:trojan-activity;sid:81285632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422531)"; flow:established,from_client; content:"GET"; http_method; content:"/kwari.sh"; http_uri; depth:9; isdataat:!1,relative; content:"103.145.12.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422531/; classtype:trojan-activity;sid:81285631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422530)"; flow:established,from_client; content:"GET"; http_method; content:"/ghoul.sh"; http_uri; depth:9; isdataat:!1,relative; content:"45.43.18.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422530/; classtype:trojan-activity;sid:81285630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422529/; classtype:trojan-activity;sid:81285629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.100.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422528/; classtype:trojan-activity;sid:81285628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.243.125.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422527/; classtype:trojan-activity;sid:81285627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422526/; classtype:trojan-activity;sid:81285626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422525)"; flow:established,from_client; content:"GET"; http_method; content:"/luciferbins.sh"; http_uri; depth:15; isdataat:!1,relative; content:"104.37.187.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422525/; classtype:trojan-activity;sid:81285625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"183.105.103.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422524/; classtype:trojan-activity;sid:81285624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422523)"; flow:established,from_client; content:"GET"; http_method; content:"/explore.exe"; http_uri; depth:12; isdataat:!1,relative; content:"iamcoverdwiththebloodofjesusthesonofgod.duckdns.org"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422523/; classtype:trojan-activity;sid:81285623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422522)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.google"; http_uri; depth:14; isdataat:!1,relative; content:"45.14.224.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422522/; classtype:trojan-activity;sid:81285622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422521)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/c8w2-zoxen-545560/"; http_uri; depth:30; isdataat:!1,relative; content:"topsmartmobile.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422521/; classtype:trojan-activity;sid:81285621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422520)"; flow:established,from_client; content:"GET"; http_method; content:"/flash/rh2-sxl-48831/"; http_uri; depth:21; isdataat:!1,relative; content:"karstenjohn.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422520/; classtype:trojan-activity;sid:81285620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422519)"; flow:established,from_client; content:"GET"; http_method; content:"/flash/bwkcoys/"; http_uri; depth:15; isdataat:!1,relative; content:"karstenjohn.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422519/; classtype:trojan-activity;sid:81285619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422518)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wzn6iv-ry-81561/"; http_uri; depth:28; isdataat:!1,relative; content:"fuertecaja.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422518/; classtype:trojan-activity;sid:81285618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422517)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/vdg7nu3ov7/"; http_uri; depth:15; isdataat:!1,relative; content:"chahooa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422517/; classtype:trojan-activity;sid:81285617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422516)"; flow:established,from_client; content:"GET"; http_method; content:"/sitemap/inc/"; http_uri; depth:13; isdataat:!1,relative; content:"www.emmashop.sk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422516/; classtype:trojan-activity;sid:81285616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422515)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lm/lj8j48b423493010mtoucq0ewi5p8/"; http_uri; depth:42; isdataat:!1,relative; content:"muebleslostroncos.cl"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422515/; classtype:trojan-activity;sid:81285615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422514)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/"; http_uri; depth:16; isdataat:!1,relative; content:"mediariser.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422514/; classtype:trojan-activity;sid:81285614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422513)"; flow:established,from_client; content:"GET"; http_method; content:"/dunhill/etrac/"; http_uri; depth:15; isdataat:!1,relative; content:"dobien.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422513/; classtype:trojan-activity;sid:81285613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"36.235.103.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422512/; classtype:trojan-activity;sid:81285612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422511)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/359976621_igkhibgw_zone/h2ectgfzmc82e01_4u7s1c3iz4_space/ffnkgg_xu631vt9ysy8tx/"; http_uri; depth:91; isdataat:!1,relative; content:"coneymedia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422511/; classtype:trojan-activity;sid:81285611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422510)"; flow:established,from_client; content:"GET"; http_method; content:"/sgq/closed-array/close-939248135-95xi9xurc3/ekny2m-19589zsstt9y/"; http_uri; depth:65; isdataat:!1,relative; content:"capitaladm.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422510/; classtype:trojan-activity;sid:81285610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422509)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"219.75.89.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422509/; classtype:trojan-activity;sid:81285609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422508)"; flow:established,from_client; content:"GET"; http_method; content:"/jdetsob/gand/"; http_uri; depth:14; isdataat:!1,relative; content:"rtisistemas.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422508/; classtype:trojan-activity;sid:81285608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422507)"; flow:established,from_client; content:"GET"; http_method; content:"/test/0b-y6-919/"; http_uri; depth:16; isdataat:!1,relative; content:"www.skia.com.ph"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422507/; classtype:trojan-activity;sid:81285607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422506)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oi/"; http_uri; depth:13; isdataat:!1,relative; content:"margarete.it"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422506/; classtype:trojan-activity;sid:81285606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422505)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.165.74.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422505/; classtype:trojan-activity;sid:81285605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422504)"; flow:established,from_client; content:"GET"; http_method; content:"/css/9xvyu-2ljp-1187/"; http_uri; depth:21; isdataat:!1,relative; content:"www.microcommindia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422504/; classtype:trojan-activity;sid:81285604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422503)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.127.96.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422503/; classtype:trojan-activity;sid:81285603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422502)"; flow:established,from_client; content:"GET"; http_method; content:"/host/1pot-cmh-08014/"; http_uri; depth:21; isdataat:!1,relative; content:"www.duosite.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422502/; classtype:trojan-activity;sid:81285602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422501)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422501/; classtype:trojan-activity;sid:81285601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422500)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422500/; classtype:trojan-activity;sid:81285600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422499)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422499/; classtype:trojan-activity;sid:81285599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422498)"; flow:established,from_client; content:"GET"; http_method; content:"/www/zdjcab/"; http_uri; depth:12; isdataat:!1,relative; content:"e-dsm.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422498/; classtype:trojan-activity;sid:81285598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422497)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422497/; classtype:trojan-activity;sid:81285597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422496)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422496/; classtype:trojan-activity;sid:81285596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422495)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422495/; classtype:trojan-activity;sid:81285595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422494)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422494/; classtype:trojan-activity;sid:81285594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422493)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422493/; classtype:trojan-activity;sid:81285593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422492)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422492/; classtype:trojan-activity;sid:81285592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422491)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422491/; classtype:trojan-activity;sid:81285591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422490)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422490/; classtype:trojan-activity;sid:81285590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422489)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422489/; classtype:trojan-activity;sid:81285589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422488)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422488/; classtype:trojan-activity;sid:81285588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422487)"; flow:established,from_client; content:"GET"; http_method; content:"/joomla/reporting/"; http_uri; depth:18; isdataat:!1,relative; content:"qinx.nl"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422487/; classtype:trojan-activity;sid:81285587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422486)"; flow:established,from_client; content:"GET"; http_method; content:"/hotelbrownsboutique.com/overview/51qxnvu5xs/"; http_uri; depth:45; isdataat:!1,relative; content:"brownshotelgroup.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422486/; classtype:trojan-activity;sid:81285586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422485)"; flow:established,from_client; content:"GET"; http_method; content:"/~jp/form.doc/"; http_uri; depth:14; isdataat:!1,relative; content:"web.celestrion.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422485/; classtype:trojan-activity;sid:81285585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422484)"; flow:established,from_client; content:"GET"; http_method; content:"/nitebins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422484/; classtype:trojan-activity;sid:81285584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422483)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"93.114.82.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422483/; classtype:trojan-activity;sid:81285583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422482)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422482/; classtype:trojan-activity;sid:81285582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422481)"; flow:established,from_client; content:"GET"; http_method; content:"/micks_chat/5_6w_c14/"; http_uri; depth:21; isdataat:!1,relative; content:"mickreevesmodels.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422481/; classtype:trojan-activity;sid:81285581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422480)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/khgu_6_iqgg/"; http_uri; depth:27; isdataat:!1,relative; content:"mo-billy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422480/; classtype:trojan-activity;sid:81285580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422479)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/4l_3pw_nf7ete2ip9/"; http_uri; depth:26; isdataat:!1,relative; content:"mgbryant.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422479/; classtype:trojan-activity;sid:81285579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422478)"; flow:established,from_client; content:"GET"; http_method; content:"/invoices/a_335s_codgt/"; http_uri; depth:23; isdataat:!1,relative; content:"mobilesbestprice.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422478/; classtype:trojan-activity;sid:81285578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422477)"; flow:established,from_client; content:"GET"; http_method; content:"/o_9q_w5ibffiks6/"; http_uri; depth:17; isdataat:!1,relative; content:"microclan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422477/; classtype:trojan-activity;sid:81285577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422476)"; flow:established,from_client; content:"GET"; http_method; content:"/shop/tbn2qfxx-k5-1015/"; http_uri; depth:23; isdataat:!1,relative; content:"gardioni.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422476/; classtype:trojan-activity;sid:81285576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.4.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422475/; classtype:trojan-activity;sid:81285575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422474/; classtype:trojan-activity;sid:81285574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.230.200.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422473/; classtype:trojan-activity;sid:81285573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.104.243.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422472/; classtype:trojan-activity;sid:81285572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422471/; classtype:trojan-activity;sid:81285571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.17.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422470/; classtype:trojan-activity;sid:81285570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422469/; classtype:trojan-activity;sid:81285569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.45.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422468/; classtype:trojan-activity;sid:81285568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422467/; classtype:trojan-activity;sid:81285567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422466)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/protected_sector/test_area/8cbyfv54bsrlkl8w_w8zy97/"; http_uri; depth:57; isdataat:!1,relative; content:"markleonardimaging.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422466/; classtype:trojan-activity;sid:81285566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422465)"; flow:established,from_client; content:"GET"; http_method; content:"/ava/lgou/"; http_uri; depth:10; isdataat:!1,relative; content:"itstelecom.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422465/; classtype:trojan-activity;sid:81285565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422464)"; flow:established,from_client; content:"GET"; http_method; content:"/floydswo/available_resource/corporate_area/by8_t4138uu68wtz/"; http_uri; depth:61; isdataat:!1,relative; content:"floydswoodshop.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422464/; classtype:trojan-activity;sid:81285564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422463)"; flow:established,from_client; content:"GET"; http_method; content:"/jshj/"; http_uri; depth:6; isdataat:!1,relative; content:"berkkorkmaz.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422463/; classtype:trojan-activity;sid:81285563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422462)"; flow:established,from_client; content:"GET"; http_method; content:"/winscapeit/available_array/9kkf_ls6q7855n_space/8iobqsmuwjpp_4v5z6f93uryu/"; http_uri; depth:75; isdataat:!1,relative; content:"gpcomms.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422462/; classtype:trojan-activity;sid:81285562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422461)"; flow:established,from_client; content:"GET"; http_method; content:"/voeding/open_box/guarded_452677989918_44kdfl6u/mfcytv0epa0_2vuy6yv10/"; http_uri; depth:70; isdataat:!1,relative; content:"freshcoders.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422461/; classtype:trojan-activity;sid:81285561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422460)"; flow:established,from_client; content:"GET"; http_method; content:"/order-js-iyln-67273-p/re-invoice/invoice/2192-apr-27-2017-en-99472"; http_uri; depth:67; isdataat:!1,relative; content:"wb0rur.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422460/; classtype:trojan-activity;sid:81285560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422459)"; flow:established,from_client; content:"GET"; http_method; content:"/newfolde_r/jcxgnshxf/"; http_uri; depth:22; isdataat:!1,relative; content:"channelstrategy.com.au"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422459/; classtype:trojan-activity;sid:81285559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422457)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/closed_module/tt1z_physbfyp48xc3l_cloud/40386520689229_ee6knn6izvm4/"; http_uri; depth:74; isdataat:!1,relative; content:"cerebralart.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422457/; classtype:trojan-activity;sid:81285557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422456)"; flow:established,from_client; content:"GET"; http_method; content:"/carloghio/obj/"; http_uri; depth:15; isdataat:!1,relative; content:"eurofutura.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422456/; classtype:trojan-activity;sid:81285556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422455)"; flow:established,from_client; content:"GET"; http_method; content:"/new/wmhf-dy-251/"; http_uri; depth:17; isdataat:!1,relative; content:"managersoft.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422455/; classtype:trojan-activity;sid:81285555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422454)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/niw4_79hjpa1h07sams45_array/individual_cloud/0stv_5w0ux9/"; http_uri; depth:66; isdataat:!1,relative; content:"baek-laursen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422454/; classtype:trojan-activity;sid:81285554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422453)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/open_box/verifiable_forum/84430659663_usmbwqh/"; http_uri; depth:52; isdataat:!1,relative; content:"kingsidedesign.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422453/; classtype:trojan-activity;sid:81285553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422452)"; flow:established,from_client; content:"GET"; http_method; content:"/themedoc/nl/"; http_uri; depth:13; isdataat:!1,relative; content:"marcofama.it"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422452/; classtype:trojan-activity;sid:81285552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422451)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/closed-module/verified-space/2965957-tcqkfghrf4ooyszz/"; http_uri; depth:63; isdataat:!1,relative; content:"lungsrus.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422451/; classtype:trojan-activity;sid:81285551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422450)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal_zone/external_profile/946484951415_n1y59ramfadj9mgs/"; http_uri; depth:71; isdataat:!1,relative; content:"makepubli.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422450/; classtype:trojan-activity;sid:81285550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422449)"; flow:established,from_client; content:"GET"; http_method; content:"/wvvw1/payment/"; http_uri; depth:15; isdataat:!1,relative; content:"molodoy.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422449/; classtype:trojan-activity;sid:81285549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422448)"; flow:established,from_client; content:"GET"; http_method; content:"/rs/nl5vi-2d-1089/"; http_uri; depth:18; isdataat:!1,relative; content:"montessori-olomouc.cz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422448/; classtype:trojan-activity;sid:81285548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422447)"; flow:established,from_client; content:"GET"; http_method; content:"/toitube-site/nftrn/"; http_uri; depth:20; isdataat:!1,relative; content:"mariusaffolter.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422447/; classtype:trojan-activity;sid:81285547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422446)"; flow:established,from_client; content:"GET"; http_method; content:"/banuelos.mansanz.es/closed-section/verified-area/t681mq-my9j1q1vn7/"; http_uri; depth:68; isdataat:!1,relative; content:"mansanz.es"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422446/; classtype:trojan-activity;sid:81285546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422445)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/kihg9pcogc-ispxzawnw8xek-67938731131-qr588ctuq5t/interior-warehouse/ssesxv3-5sj8300gxi/"; http_uri; depth:96; isdataat:!1,relative; content:"maratom.hu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422445/; classtype:trojan-activity;sid:81285545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422444)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nyicjm/"; http_uri; depth:17; isdataat:!1,relative; content:"medyamaxafrica.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422444/; classtype:trojan-activity;sid:81285544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"218.161.100.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422443/; classtype:trojan-activity;sid:81285543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422442)"; flow:established,from_client; content:"GET"; http_method; content:"/images/multifunctional_resource/guarded_forum/062429655797_zkkndt4ynppajfn/"; http_uri; depth:76; isdataat:!1,relative; content:"martiniandgrey.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422442/; classtype:trojan-activity;sid:81285542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422441)"; flow:established,from_client; content:"GET"; http_method; content:"/facebook1/ttopfacd-29om-61/"; http_uri; depth:28; isdataat:!1,relative; content:"mint-productions.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422441/; classtype:trojan-activity;sid:81285541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422440)"; flow:established,from_client; content:"GET"; http_method; content:"/data/private-section/special-area/762113206473-eebx0lx/"; http_uri; depth:56; isdataat:!1,relative; content:"matrin.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422440/; classtype:trojan-activity;sid:81285540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422439)"; flow:established,from_client; content:"GET"; http_method; content:"/tv/dyspb/"; http_uri; depth:10; isdataat:!1,relative; content:"jambino.us"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422439/; classtype:trojan-activity;sid:81285539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422438)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/n3tq5u168132549/"; http_uri; depth:26; isdataat:!1,relative; content:"killingworthlabs.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422438/; classtype:trojan-activity;sid:81285538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422437)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/hisootvog/"; http_uri; depth:19; isdataat:!1,relative; content:"movewithketty.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422437/; classtype:trojan-activity;sid:81285537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422436)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/t5uujywz88/"; http_uri; depth:21; isdataat:!1,relative; content:"www.kappetijn.eu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422436/; classtype:trojan-activity;sid:81285536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422435)"; flow:established,from_client; content:"GET"; http_method; content:"/logon/lxkub/"; http_uri; depth:13; isdataat:!1,relative; content:"kevinley.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422435/; classtype:trojan-activity;sid:81285535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422434)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/protected_zone/verified_portal/3bkq86c_72bytn3zij/"; http_uri; depth:59; isdataat:!1,relative; content:"maximedge.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422434/; classtype:trojan-activity;sid:81285534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422433)"; flow:established,from_client; content:"GET"; http_method; content:"/slide/reporting/"; http_uri; depth:17; isdataat:!1,relative; content:"mattimoorman.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422433/; classtype:trojan-activity;sid:81285533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422432)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/common_f3q8b9q_izq1zyhuo/individual_space/midmbu5svx76de_s462ysy10v/"; http_uri; depth:78; isdataat:!1,relative; content:"maxsoft.cz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422432/; classtype:trojan-activity;sid:81285532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422431)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422431/; classtype:trojan-activity;sid:81285531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422430)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422430/; classtype:trojan-activity;sid:81285530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422429)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422429/; classtype:trojan-activity;sid:81285529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422428)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422428/; classtype:trojan-activity;sid:81285528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422427)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422427/; classtype:trojan-activity;sid:81285527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422426)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422426/; classtype:trojan-activity;sid:81285526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422425)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422425/; classtype:trojan-activity;sid:81285525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422424)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422424/; classtype:trojan-activity;sid:81285524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422423)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"161.35.166.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422423/; classtype:trojan-activity;sid:81285523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422422)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/4iwmijo8y/"; http_uri; depth:19; isdataat:!1,relative; content:"matadebenfica.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422422/; classtype:trojan-activity;sid:81285522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422421)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/docs/chwexd1ug/9hhs319177336237664863ucgzhi23v7tf27nlk3gd3b/"; http_uri; depth:70; isdataat:!1,relative; content:"materialescantu.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422421/; classtype:trojan-activity;sid:81285521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422420)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/open_box/guarded_profile/68945447760_iausxcx3o/"; http_uri; depth:60; isdataat:!1,relative; content:"mediajam.co.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422420/; classtype:trojan-activity;sid:81285520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422419)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/8zr5b8rhd/"; http_uri; depth:31; isdataat:!1,relative; content:"mec.net.co"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422419/; classtype:trojan-activity;sid:81285519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422418)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.ghoul"; http_uri; depth:14; isdataat:!1,relative; content:"88.218.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422418/; classtype:trojan-activity;sid:81285518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422417)"; flow:established,from_client; content:"GET"; http_method; content:"/images/nqxkju7h1/"; http_uri; depth:18; isdataat:!1,relative; content:"minmohd.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422417/; classtype:trojan-activity;sid:81285517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422416)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/available_45hjt38dsxm216_k87kpt0yckm9/guarded_forum/0473756997026_yckq3odcijlkjk/"; http_uri; depth:90; isdataat:!1,relative; content:"u2113253.isphuset.no"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422416/; classtype:trojan-activity;sid:81285516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422415)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t/vawelrm/"; http_uri; depth:14; isdataat:!1,relative; content:"johnkeanestudios.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422415/; classtype:trojan-activity;sid:81285515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422414)"; flow:established,from_client; content:"GET"; http_method; content:"/content/fhgafks/"; http_uri; depth:17; isdataat:!1,relative; content:"jmlandscapingservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422414/; classtype:trojan-activity;sid:81285514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422413)"; flow:established,from_client; content:"GET"; http_method; content:"/dlqctc01p/"; http_uri; depth:11; isdataat:!1,relative; content:"jimlowry.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422413/; classtype:trojan-activity;sid:81285513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422412)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/i1hhqde6/"; http_uri; depth:22; isdataat:!1,relative; content:"www.lesliemontenegro.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422412/; classtype:trojan-activity;sid:81285512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422411)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/khso16zaaf/"; http_uri; depth:20; isdataat:!1,relative; content:"jkncrew.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422411/; classtype:trojan-activity;sid:81285511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422410)"; flow:established,from_client; content:"GET"; http_method; content:"/cwtales/sites/rbu651375642753922klmdh5aq1h2xg7/"; http_uri; depth:48; isdataat:!1,relative; content:"mikegladfelter.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422410/; classtype:trojan-activity;sid:81285510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422409)"; flow:established,from_client; content:"GET"; http_method; content:"/styles/open_kwqxb_be0zesldcpwq/individual_forum/609495065_k7utyc8ggh/"; http_uri; depth:70; isdataat:!1,relative; content:"www.motorcyclemechanic.co.uk"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422409/; classtype:trojan-activity;sid:81285509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422408)"; flow:established,from_client; content:"GET"; http_method; content:"/quarantine/available-jq5nqz-0v0h/close-portal/dxhsxomk-y1nreaxp/"; http_uri; depth:65; isdataat:!1,relative; content:"mx2interests.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422408/; classtype:trojan-activity;sid:81285508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422407)"; flow:established,from_client; content:"GET"; http_method; content:"/index_htm_files/overview/08tetk1lfb/vl7469137082uvtqy1a7x8po6ad4/"; http_uri; depth:66; isdataat:!1,relative; content:"eof.cat"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422407/; classtype:trojan-activity;sid:81285507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422406)"; flow:established,from_client; content:"GET"; http_method; content:"/17/balance/0y7ou0/rvs586549780426778858h9lgephb3kcop/"; http_uri; depth:54; isdataat:!1,relative; content:"www.gerov.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422406/; classtype:trojan-activity;sid:81285506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422405)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/scan/sk0twx1/"; http_uri; depth:26; isdataat:!1,relative; content:"vtff.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422405/; classtype:trojan-activity;sid:81285505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422404)"; flow:established,from_client; content:"GET"; http_method; content:"/_mm/etrac/wdgqhrg7lkx/h5393222514152y5119giscuq4/"; http_uri; depth:50; isdataat:!1,relative; content:"madcowstudios.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422404/; classtype:trojan-activity;sid:81285504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422403)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/bdk1_70_vsstep/"; http_uri; depth:24; isdataat:!1,relative; content:"mosquitohawk.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422403/; classtype:trojan-activity;sid:81285503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422402)"; flow:established,from_client; content:"GET"; http_method; content:"/estreet_files/xl9lil_xd6r0mgxt3kgk_4618028616_q5gjsrf8r/open_portal/156964_hntlz6yw/"; http_uri; depth:85; isdataat:!1,relative; content:"www.moppenheim.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422402/; classtype:trojan-activity;sid:81285502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422401)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/wzra_mg_1s6h9/"; http_uri; depth:23; isdataat:!1,relative; content:"mikeflavell.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422401/; classtype:trojan-activity;sid:81285501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422400)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0_35_8ebbd/"; http_uri; depth:21; isdataat:!1,relative; content:"motorcomunicacion.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422400/; classtype:trojan-activity;sid:81285500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422399)"; flow:established,from_client; content:"GET"; http_method; content:"/img/bg/css/f1_ski_fpm2/"; http_uri; depth:24; isdataat:!1,relative; content:"mosdk.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422399/; classtype:trojan-activity;sid:81285499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422398)"; flow:established,from_client; content:"GET"; http_method; content:"/js/4w3ze_f_sj/"; http_uri; depth:15; isdataat:!1,relative; content:"moncheznous.ca"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422398/; classtype:trojan-activity;sid:81285498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422397)"; flow:established,from_client; content:"GET"; http_method; content:"/images/138907/8g7c645373370255099hf4at12buy2lgrdeqo/"; http_uri; depth:53; isdataat:!1,relative; content:"mobiletech.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422397/; classtype:trojan-activity;sid:81285497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422396)"; flow:established,from_client; content:"GET"; http_method; content:"/mysf_project/yhynv9ec8t_slbhr5zavwunyo_96390_4y9kkmefpxn8ay/interior_forum/qbrc4_1ci55wjyh6r/"; http_uri; depth:94; isdataat:!1,relative; content:"pataphysics.net.au"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422396/; classtype:trojan-activity;sid:81285496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422395)"; flow:established,from_client; content:"GET"; http_method; content:"/leopardo/inc/ysftnf3tkn/"; http_uri; depth:25; isdataat:!1,relative; content:"www.serviluz.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422395/; classtype:trojan-activity;sid:81285495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422394)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.49.245.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422394/; classtype:trojan-activity;sid:81285494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422393)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"151.53.61.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422393/; classtype:trojan-activity;sid:81285493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422392)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"50.194.237.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422392/; classtype:trojan-activity;sid:81285492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422391)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"122.116.202.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422391/; classtype:trojan-activity;sid:81285491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422390)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ok2-m4gw0-309348/"; http_uri; depth:29; isdataat:!1,relative; content:"faroholidays.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422390/; classtype:trojan-activity;sid:81285490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422389)"; flow:established,from_client; content:"GET"; http_method; content:"/html/open-resource/individual-warehouse/tigcc-u7w0wy5s16tt/"; http_uri; depth:60; isdataat:!1,relative; content:"ferienwohnung-malcesine.de"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422389/; classtype:trojan-activity;sid:81285489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422388)"; flow:established,from_client; content:"GET"; http_method; content:"/alternative/common_disk/additional_3228698_lqjoy9uh/qp8bsbq9f_9ys4u8vw1/"; http_uri; depth:73; isdataat:!1,relative; content:"ehsan.it"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422388/; classtype:trojan-activity;sid:81285488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422387)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/h9mw-ol7o-54/"; http_uri; depth:25; isdataat:!1,relative; content:"kellymorganscience.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422387/; classtype:trojan-activity;sid:81285487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422386)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/statement/fwdh69wd/"; http_uri; depth:26; isdataat:!1,relative; content:"eiburaham.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422386/; classtype:trojan-activity;sid:81285486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422385)"; flow:established,from_client; content:"GET"; http_method; content:"/news/protected_sector/corporate_space/g9nz7dvuk2jq_5x5yyw10/"; http_uri; depth:61; isdataat:!1,relative; content:"heemaalnews.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422385/; classtype:trojan-activity;sid:81285485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"5.152.0.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422384/; classtype:trojan-activity;sid:81285484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.170.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422383/; classtype:trojan-activity;sid:81285483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.16.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422382/; classtype:trojan-activity;sid:81285482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.177.176.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422381/; classtype:trojan-activity;sid:81285481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.174.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422380/; classtype:trojan-activity;sid:81285480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.21.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422379/; classtype:trojan-activity;sid:81285479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422378)"; flow:established,from_client; content:"GET"; http_method; content:"/spryassets/93260076883-zwgwoftgv-zs5dbjrc-5uo9pams/verified-area/3z5d9q5aq-847szuy07/"; http_uri; depth:86; isdataat:!1,relative; content:"elancla.cl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422378/; classtype:trojan-activity;sid:81285478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422377)"; flow:established,from_client; content:"GET"; http_method; content:"/7107012102381-23szf9dzczyzlb-module/payment/"; http_uri; depth:45; isdataat:!1,relative; content:"elementalburn.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422377/; classtype:trojan-activity;sid:81285477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422376)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lybx/"; http_uri; depth:14; isdataat:!1,relative; content:"mgregoire.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422376/; classtype:trojan-activity;sid:81285476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422375)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/balance/"; http_uri; depth:20; isdataat:!1,relative; content:"healinghandsonthemove.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422375/; classtype:trojan-activity;sid:81285475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422374)"; flow:established,from_client; content:"GET"; http_method; content:"/images/rl1h_zz3fqcab9dejfj0g_sector/verifiable_warehouse/ymygrmfcex78_tgm1jlrt/"; http_uri; depth:80; isdataat:!1,relative; content:"iensenada.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422374/; classtype:trojan-activity;sid:81285474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422373)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/jggjvsz/"; http_uri; depth:17; isdataat:!1,relative; content:"meinhaarzauber.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422373/; classtype:trojan-activity;sid:81285473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422372)"; flow:established,from_client; content:"GET"; http_method; content:"/naturebeautyspa.com/s3px7_oss1rd2u_podlw_e46zq4iyf/external_owdgcz7ra_w5k/kjqglccdvjmp_ux8d4toy60x/"; http_uri; depth:100; isdataat:!1,relative; content:"incluschile.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422372/; classtype:trojan-activity;sid:81285472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422371)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/0205789038156-tbjsb5zydbvq-module/external-space/4walh-wxv7/"; http_uri; depth:72; isdataat:!1,relative; content:"homecables.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422371/; classtype:trojan-activity;sid:81285471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422370)"; flow:established,from_client; content:"GET"; http_method; content:"/images/closed_resource/security_portal/575383_fczjbnodcixu/"; http_uri; depth:60; isdataat:!1,relative; content:"www.lgpass.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422370/; classtype:trojan-activity;sid:81285470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422369)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/rbira-jm8h2-6965/"; http_uri; depth:26; isdataat:!1,relative; content:"entouchgraphics.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422369/; classtype:trojan-activity;sid:81285469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422368)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfatbratbabydog/16abyxdj3gclguwp_yvgtghv2n_section/guarded_kt9q_1v4f83ev7n/0533420167_dquy7ucns/"; http_uri; depth:99; isdataat:!1,relative; content:"modbecloset.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422368/; classtype:trojan-activity;sid:81285468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422367)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/open_zone/test_space/gl3_0u3zuy33ws/"; http_uri; depth:49; isdataat:!1,relative; content:"nypthealing.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422367/; classtype:trojan-activity;sid:81285467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422366)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/attachments/dpqccegbfdt/"; http_uri; depth:31; isdataat:!1,relative; content:"kriomed.uz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422366/; classtype:trojan-activity;sid:81285466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422365)"; flow:established,from_client; content:"GET"; http_method; content:"/multifunctional-box/iccfi/"; http_uri; depth:27; isdataat:!1,relative; content:"erronsplace.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422365/; classtype:trojan-activity;sid:81285465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422364)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/report/dumhok/"; http_uri; depth:23; isdataat:!1,relative; content:"hertronic.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422364/; classtype:trojan-activity;sid:81285464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422363)"; flow:established,from_client; content:"GET"; http_method; content:"/z8ju268-oz5x-978031/"; http_uri; depth:21; isdataat:!1,relative; content:"lacasamia.co.uk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422363/; classtype:trojan-activity;sid:81285463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422362)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/multifunctional-box/479140351167-kqzikomjyhvak-forum/w152yv5-w0w0s0/"; http_uri; depth:80; isdataat:!1,relative; content:"www.cbi.com.eg"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422362/; classtype:trojan-activity;sid:81285462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422361)"; flow:established,from_client; content:"GET"; http_method; content:"/stylus/npwcrmkv/"; http_uri; depth:17; isdataat:!1,relative; content:"omeryener.com.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422361/; classtype:trojan-activity;sid:81285461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422360)"; flow:established,from_client; content:"GET"; http_method; content:"/4psi_files/private-uz5zad8s0i8es-2dy2awg1x1mj86/special-61789740803-bodogy/env02z1n-tc5utsg7he/"; http_uri; depth:96; isdataat:!1,relative; content:"aawen4x4.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422360/; classtype:trojan-activity;sid:81285460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422359)"; flow:established,from_client; content:"GET"; http_method; content:"/english/templates/docs/"; http_uri; depth:24; isdataat:!1,relative; content:"www.ekramco.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422359/; classtype:trojan-activity;sid:81285459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422358)"; flow:established,from_client; content:"GET"; http_method; content:"/protected_pyig_mld1w/test_cloud/720536_50jkb/"; http_uri; depth:46; isdataat:!1,relative; content:"lansec.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422358/; classtype:trojan-activity;sid:81285458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422357)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/z05-bcc-341722/"; http_uri; depth:28; isdataat:!1,relative; content:"rafamora.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422357/; classtype:trojan-activity;sid:81285457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422356)"; flow:established,from_client; content:"GET"; http_method; content:"/sub_we-are/z48rpev90d/0bjo209677710ax9i7w4fskut4t11t/"; http_uri; depth:54; isdataat:!1,relative; content:"adhd.org.sa"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422356/; classtype:trojan-activity;sid:81285456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422355)"; flow:established,from_client; content:"GET"; http_method; content:"/test/common-296122707-8q58yawasjl/verified-cloud/d4aksuofzr7k-7652zzxw6/"; http_uri; depth:73; isdataat:!1,relative; content:"oshop.es"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422355/; classtype:trojan-activity;sid:81285455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422354)"; flow:established,from_client; content:"GET"; http_method; content:"/js/multifunctional-section/verifiable-portal/1v5sq78-t50784t844t2/"; http_uri; depth:67; isdataat:!1,relative; content:"puertosalsa.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422354/; classtype:trojan-activity;sid:81285454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422353)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/parts_service/"; http_uri; depth:25; isdataat:!1,relative; content:"legend.nu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422353/; classtype:trojan-activity;sid:81285453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422352)"; flow:established,from_client; content:"GET"; http_method; content:"/awstats-icon/iwq5-ge0r-6687/"; http_uri; depth:29; isdataat:!1,relative; content:"sugarcoatedspider.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422352/; classtype:trojan-activity;sid:81285452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422351)"; flow:established,from_client; content:"GET"; http_method; content:"/mobile/documentation/"; http_uri; depth:22; isdataat:!1,relative; content:"elevationadvertising.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422351/; classtype:trojan-activity;sid:81285451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422350)"; flow:established,from_client; content:"GET"; http_method; content:"/iwtfy/multifunctional-zone/test-072287610-sryk0ri98/03kdh8h4grsqo4op-60u2u17wus026/"; http_uri; depth:84; isdataat:!1,relative; content:"infectedarea.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422350/; classtype:trojan-activity;sid:81285450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422349)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/common-disk/security-cloud/ypr52ekq-060y/"; http_uri; depth:46; isdataat:!1,relative; content:"perlahuelva.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422349/; classtype:trojan-activity;sid:81285449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422348)"; flow:established,from_client; content:"GET"; http_method; content:"/restore/lfwzphi/"; http_uri; depth:17; isdataat:!1,relative; content:"fenlabenergy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422348/; classtype:trojan-activity;sid:81285448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422347)"; flow:established,from_client; content:"GET"; http_method; content:"/abante/1xitqhrq/"; http_uri; depth:17; isdataat:!1,relative; content:"oikotexnia-a-o.gr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422347/; classtype:trojan-activity;sid:81285447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422346)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/browse/zsaiowa5owa2/"; http_uri; depth:37; isdataat:!1,relative; content:"www.ranking-site.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422346/; classtype:trojan-activity;sid:81285446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422345)"; flow:established,from_client; content:"GET"; http_method; content:"/webmaster/available_disk/security_8n73pig8yadzs_loc5300i9/mvk135_yttzs0vy03155/"; http_uri; depth:80; isdataat:!1,relative; content:"trainingbodies.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422345/; classtype:trojan-activity;sid:81285445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422344)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"180.253.27.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422344/; classtype:trojan-activity;sid:81285444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422343)"; flow:established,from_client; content:"GET"; http_method; content:"/plasticos/q9co97-movsovtxj7-sector/test-portal/964586063641-7ylewbuctyl11le6/"; http_uri; depth:78; isdataat:!1,relative; content:"ferramentariahonorio.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422343/; classtype:trojan-activity;sid:81285443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422342)"; flow:established,from_client; content:"GET"; http_method; content:"/test/report/"; http_uri; depth:13; isdataat:!1,relative; content:"www.acinutrilife.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422342/; classtype:trojan-activity;sid:81285442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422341)"; flow:established,from_client; content:"GET"; http_method; content:"/bibliophilia/swift/5gzmh467btdw/795638541389992424j5ka2fhi41hj/"; http_uri; depth:64; isdataat:!1,relative; content:"gombui.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422341/; classtype:trojan-activity;sid:81285441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422340)"; flow:established,from_client; content:"GET"; http_method; content:"/dtla/common_module/guarded_profile/r0tpg3s_x5443w99/"; http_uri; depth:53; isdataat:!1,relative; content:"w3art.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422340/; classtype:trojan-activity;sid:81285440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422339)"; flow:established,from_client; content:"GET"; http_method; content:"/images/17nlh-arj-19161/"; http_uri; depth:24; isdataat:!1,relative; content:"www.irishcarsagadir.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422339/; classtype:trojan-activity;sid:81285439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422338)"; flow:established,from_client; content:"GET"; http_method; content:"/common_module/zij/"; http_uri; depth:19; isdataat:!1,relative; content:"fourserious.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422338/; classtype:trojan-activity;sid:81285438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422337)"; flow:established,from_client; content:"GET"; http_method; content:"/option-tree/age9k_r7p_0l2/"; http_uri; depth:27; isdataat:!1,relative; content:"www.ifitmoves.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422337/; classtype:trojan-activity;sid:81285437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422336)"; flow:established,from_client; content:"GET"; http_method; content:"/clients/7uf_yp_76rqsyz/"; http_uri; depth:24; isdataat:!1,relative; content:"highlevelphoto.co.uk"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422336/; classtype:trojan-activity;sid:81285436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422335)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/ntts3_j_3cgou2/"; http_uri; depth:23; isdataat:!1,relative; content:"klem.com.pl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422335/; classtype:trojan-activity;sid:81285435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422334)"; flow:established,from_client; content:"GET"; http_method; content:"/peradice.com/jk_le4_xip2a7s6/"; http_uri; depth:30; isdataat:!1,relative; content:"goldenstatetow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422334/; classtype:trojan-activity;sid:81285434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422333)"; flow:established,from_client; content:"GET"; http_method; content:"/mizeo9/y_6pth_ymkgef/"; http_uri; depth:22; isdataat:!1,relative; content:"philosopherswheel.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422333/; classtype:trojan-activity;sid:81285433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422332)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/engl/doc/0s7eun/"; http_uri; depth:26; isdataat:!1,relative; content:"facetsbusiness.ca"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422332/; classtype:trojan-activity;sid:81285432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422331)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskies/521138744613-uyvwc-section/special-profile/jybevoll7-3uw86w65s74tuv/"; http_uri; depth:79; isdataat:!1,relative; content:"ferafera.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422331/; classtype:trojan-activity;sid:81285431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422330)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hoxgqvqwp/"; http_uri; depth:22; isdataat:!1,relative; content:"www.fizion.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422330/; classtype:trojan-activity;sid:81285430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422329)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/73f13hw4/n4f8xilqk/"; http_uri; depth:31; isdataat:!1,relative; content:"www.behnasan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422329/; classtype:trojan-activity;sid:81285429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422328)"; flow:established,from_client; content:"GET"; http_method; content:"/php/open_zone/special_portal/lpto4lxv5k_y8uszz2w/"; http_uri; depth:50; isdataat:!1,relative; content:"finnigans.org.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422328/; classtype:trojan-activity;sid:81285428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422327)"; flow:established,from_client; content:"GET"; http_method; content:"/drupal/protected-sector/corporate-warehouse/54901370265050-o5vj09bjqgayjn/"; http_uri; depth:75; isdataat:!1,relative; content:"www.svkn.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422327/; classtype:trojan-activity;sid:81285427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422326)"; flow:established,from_client; content:"GET"; http_method; content:"/gfmi/multifunctional_sector/external_x5zr_gtkquewl2xea/973792286194_vtar6/"; http_uri; depth:75; isdataat:!1,relative; content:"cosmo.li"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422326/; classtype:trojan-activity;sid:81285426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422325)"; flow:established,from_client; content:"GET"; http_method; content:"/garantiasaude/common_section/4aqxi_j7ys4enhuclj_portal/py5pyruj_njg9qn5ubaug9n/"; http_uri; depth:80; isdataat:!1,relative; content:"gaoe.com.br"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422325/; classtype:trojan-activity;sid:81285425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422324)"; flow:established,from_client; content:"GET"; http_method; content:"/fuentes/closed_0943392_vl4ftkjmkgm2ri/guarded_area/1594173_hufyrx/"; http_uri; depth:67; isdataat:!1,relative; content:"www.doblementa.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422324/; classtype:trojan-activity;sid:81285424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422323)"; flow:established,from_client; content:"GET"; http_method; content:"/audio/sgk0nh-yyibwto2l0l-22eafjtx56-hizsquzdrpkw7/interior-forum/562769-gj1g7wicupa/"; http_uri; depth:85; isdataat:!1,relative; content:"colbydix.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422323/; classtype:trojan-activity;sid:81285423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422322)"; flow:established,from_client; content:"GET"; http_method; content:"/fcgi-bin/common-53883307959-gexpe8tlo/external-130834287-ej78rf/qwi2wrzzl-nahcpl6npq3g2d/"; http_uri; depth:90; isdataat:!1,relative; content:"icacc.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422322/; classtype:trojan-activity;sid:81285422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422321)"; flow:established,from_client; content:"GET"; http_method; content:"/scouting.my/closed-rpng-iupupmo/open-portal/vjlva-wy3z97y8ww/"; http_uri; depth:62; isdataat:!1,relative; content:"leong.ws"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422321/; classtype:trojan-activity;sid:81285421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422320)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/i0boam6/"; http_uri; depth:17; isdataat:!1,relative; content:"www.kyesgroups.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422320/; classtype:trojan-activity;sid:81285420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422319)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/bankbankgg.exe"; http_uri; depth:25; isdataat:!1,relative; content:"www.epyorke.edu.bz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422319/; classtype:trojan-activity;sid:81285419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422318)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/player.exe"; http_uri; depth:20; isdataat:!1,relative; content:"savoirplus.rw"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422318/; classtype:trojan-activity;sid:81285418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422317)"; flow:established,from_client; content:"GET"; http_method; content:"/js/vd7tdotu-782z1-95/"; http_uri; depth:22; isdataat:!1,relative; content:"www.puertosalsa.cl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422317/; classtype:trojan-activity;sid:81285417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422316)"; flow:established,from_client; content:"GET"; http_method; content:"/clientbin/dymrk85523/"; http_uri; depth:22; isdataat:!1,relative; content:"jothay.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422316/; classtype:trojan-activity;sid:81285416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422315)"; flow:established,from_client; content:"GET"; http_method; content:"/images/ko2l8v/"; http_uri; depth:15; isdataat:!1,relative; content:"johnsonlam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422315/; classtype:trojan-activity;sid:81285415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422314)"; flow:established,from_client; content:"GET"; http_method; content:"/feed/jf5x9530/"; http_uri; depth:15; isdataat:!1,relative; content:"joshuasjewelry.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422314/; classtype:trojan-activity;sid:81285414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422313)"; flow:established,from_client; content:"GET"; http_method; content:"/images/om4ad/"; http_uri; depth:14; isdataat:!1,relative; content:"joeljustice.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422313/; classtype:trojan-activity;sid:81285413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422312)"; flow:established,from_client; content:"GET"; http_method; content:"/bobby/ll5p/"; http_uri; depth:12; isdataat:!1,relative; content:"jolapa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422312/; classtype:trojan-activity;sid:81285412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422311)"; flow:established,from_client; content:"GET"; http_method; content:"/ynpw/zvjg-vo-892/"; http_uri; depth:18; isdataat:!1,relative; content:"yamnadlan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422311/; classtype:trojan-activity;sid:81285411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422310)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal-module/guarded-profile/zxx3lv2kyhk-gje898jely/"; http_uri; depth:65; isdataat:!1,relative; content:"foodphotography.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422310/; classtype:trojan-activity;sid:81285410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422309)"; flow:established,from_client; content:"GET"; http_method; content:"/img/pu/"; http_uri; depth:8; isdataat:!1,relative; content:"frnossa.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422309/; classtype:trojan-activity;sid:81285409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422308)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/open-module/verifiable-dlcdjte2-z3sb9tp5/91041647-bi9kojgqg/"; http_uri; depth:68; isdataat:!1,relative; content:"foredeckmarine.com.au"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422308/; classtype:trojan-activity;sid:81285408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422307)"; flow:established,from_client; content:"GET"; http_method; content:"/images/llc/kurca3u/r0yr3656933188whnvkchg5e9zmk/"; http_uri; depth:49; isdataat:!1,relative; content:"forscene.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422307/; classtype:trojan-activity;sid:81285407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422306)"; flow:established,from_client; content:"GET"; http_method; content:"/wvvw/tpbwhem/"; http_uri; depth:14; isdataat:!1,relative; content:"fussey.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422306/; classtype:trojan-activity;sid:81285406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422305)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422305/; classtype:trojan-activity;sid:81285405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422304)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422304/; classtype:trojan-activity;sid:81285404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422303)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422303/; classtype:trojan-activity;sid:81285403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422302)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422302/; classtype:trojan-activity;sid:81285402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422301)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422301/; classtype:trojan-activity;sid:81285401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422300)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422300/; classtype:trojan-activity;sid:81285400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422299)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422299/; classtype:trojan-activity;sid:81285399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422298)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422298/; classtype:trojan-activity;sid:81285398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422297)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422297/; classtype:trojan-activity;sid:81285397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422296)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422296/; classtype:trojan-activity;sid:81285396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422295)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422295/; classtype:trojan-activity;sid:81285395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422294)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422294/; classtype:trojan-activity;sid:81285394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422293)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422293/; classtype:trojan-activity;sid:81285393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422292)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422292/; classtype:trojan-activity;sid:81285392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422291)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422291/; classtype:trojan-activity;sid:81285391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422290)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422290/; classtype:trojan-activity;sid:81285390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422289)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422289/; classtype:trojan-activity;sid:81285389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422288)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"z7rflq080.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422288/; classtype:trojan-activity;sid:81285388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422287)"; flow:established,from_client; content:"GET"; http_method; content:"/generated/personal-module/additional-space/94807247323-jodv3jkui7tyvshk/"; http_uri; depth:73; isdataat:!1,relative; content:"www.smarthub.ws"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422287/; classtype:trojan-activity;sid:81285387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422286)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422286/; classtype:trojan-activity;sid:81285386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422285)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422285/; classtype:trojan-activity;sid:81285385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422284)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422284/; classtype:trojan-activity;sid:81285384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422283)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422283/; classtype:trojan-activity;sid:81285383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422282)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422282/; classtype:trojan-activity;sid:81285382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422281)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422281/; classtype:trojan-activity;sid:81285381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422280)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422280/; classtype:trojan-activity;sid:81285380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422279)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422279/; classtype:trojan-activity;sid:81285379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422278)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422278/; classtype:trojan-activity;sid:81285378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422277)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422277/; classtype:trojan-activity;sid:81285377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422276)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422276/; classtype:trojan-activity;sid:81285376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422275)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422275/; classtype:trojan-activity;sid:81285375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422274)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422274/; classtype:trojan-activity;sid:81285374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422273)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422273/; classtype:trojan-activity;sid:81285373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422272)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422272/; classtype:trojan-activity;sid:81285372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422271)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422271/; classtype:trojan-activity;sid:81285371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422270)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422270/; classtype:trojan-activity;sid:81285370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422269)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ybvoc9qoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422269/; classtype:trojan-activity;sid:81285369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422268)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422268/; classtype:trojan-activity;sid:81285368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422267)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422267/; classtype:trojan-activity;sid:81285367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422266)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422266/; classtype:trojan-activity;sid:81285366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422265)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422265/; classtype:trojan-activity;sid:81285365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422264)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422264/; classtype:trojan-activity;sid:81285364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422263)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422263/; classtype:trojan-activity;sid:81285363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422262)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422262/; classtype:trojan-activity;sid:81285362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422261)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422261/; classtype:trojan-activity;sid:81285361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422260)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422260/; classtype:trojan-activity;sid:81285360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422259)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422259/; classtype:trojan-activity;sid:81285359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422258)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422258/; classtype:trojan-activity;sid:81285358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422257)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422257/; classtype:trojan-activity;sid:81285357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422256)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422256/; classtype:trojan-activity;sid:81285356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422255)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422255/; classtype:trojan-activity;sid:81285355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422254)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422254/; classtype:trojan-activity;sid:81285354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422253)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422253/; classtype:trojan-activity;sid:81285353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422252)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422252/; classtype:trojan-activity;sid:81285352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422251)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"py072wgiw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422251/; classtype:trojan-activity;sid:81285351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422250)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422250/; classtype:trojan-activity;sid:81285350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422249)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422249/; classtype:trojan-activity;sid:81285349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422248)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422248/; classtype:trojan-activity;sid:81285348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422247)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422247/; classtype:trojan-activity;sid:81285347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422246)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422246/; classtype:trojan-activity;sid:81285346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422245)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422245/; classtype:trojan-activity;sid:81285345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422244)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422244/; classtype:trojan-activity;sid:81285344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422243)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422243/; classtype:trojan-activity;sid:81285343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422242)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422242/; classtype:trojan-activity;sid:81285342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422241)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422241/; classtype:trojan-activity;sid:81285341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422240)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422240/; classtype:trojan-activity;sid:81285340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422239)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422239/; classtype:trojan-activity;sid:81285339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422238)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422238/; classtype:trojan-activity;sid:81285338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422237)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422237/; classtype:trojan-activity;sid:81285337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422236)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422236/; classtype:trojan-activity;sid:81285336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422235)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422235/; classtype:trojan-activity;sid:81285335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422234)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422234/; classtype:trojan-activity;sid:81285334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"jfmmusox0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422233/; classtype:trojan-activity;sid:81285333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422232)"; flow:established,from_client; content:"GET"; http_method; content:"/img/report/fa7sges/"; http_uri; depth:20; isdataat:!1,relative; content:"www.vpinversiones.cl"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422232/; classtype:trojan-activity;sid:81285332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422231)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/multifunctional-section/corporate-profile/8hez4c-0mk2l6qu/"; http_uri; depth:70; isdataat:!1,relative; content:"www.fulltel.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422231/; classtype:trojan-activity;sid:81285331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422230)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422230/; classtype:trojan-activity;sid:81285330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422229)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422229/; classtype:trojan-activity;sid:81285329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422228)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422228/; classtype:trojan-activity;sid:81285328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422227)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422227/; classtype:trojan-activity;sid:81285327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422226)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422226/; classtype:trojan-activity;sid:81285326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422225)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422225/; classtype:trojan-activity;sid:81285325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422224)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422224/; classtype:trojan-activity;sid:81285324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422223)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422223/; classtype:trojan-activity;sid:81285323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422222)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422222/; classtype:trojan-activity;sid:81285322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422221)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422221/; classtype:trojan-activity;sid:81285321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422220)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422220/; classtype:trojan-activity;sid:81285320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422219)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422219/; classtype:trojan-activity;sid:81285319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422218)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422218/; classtype:trojan-activity;sid:81285318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422217)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422217/; classtype:trojan-activity;sid:81285317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422216)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422216/; classtype:trojan-activity;sid:81285316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422215)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422215/; classtype:trojan-activity;sid:81285315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422214)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422214/; classtype:trojan-activity;sid:81285314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422213)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"bofzvaxf6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422213/; classtype:trojan-activity;sid:81285313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422212)"; flow:established,from_client; content:"GET"; http_method; content:"/ramrush.exe"; http_uri; depth:12; isdataat:!1,relative; content:"172.86.75.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422212/; classtype:trojan-activity;sid:81285312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422211)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422211/; classtype:trojan-activity;sid:81285311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422210)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422210/; classtype:trojan-activity;sid:81285310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422209)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422209/; classtype:trojan-activity;sid:81285309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422208)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422208/; classtype:trojan-activity;sid:81285308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422207)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422207/; classtype:trojan-activity;sid:81285307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422206)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422206/; classtype:trojan-activity;sid:81285306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422205)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422205/; classtype:trojan-activity;sid:81285305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422204)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422204/; classtype:trojan-activity;sid:81285304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422203)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422203/; classtype:trojan-activity;sid:81285303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422202)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422202/; classtype:trojan-activity;sid:81285302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422201)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422201/; classtype:trojan-activity;sid:81285301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422200)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422200/; classtype:trojan-activity;sid:81285300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422199)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422199/; classtype:trojan-activity;sid:81285299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422198)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422198/; classtype:trojan-activity;sid:81285298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422197)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422197/; classtype:trojan-activity;sid:81285297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422196)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422196/; classtype:trojan-activity;sid:81285296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422195)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422195/; classtype:trojan-activity;sid:81285295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422194)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"8wsed5qkw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422194/; classtype:trojan-activity;sid:81285294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422193)"; flow:established,from_client; content:"GET"; http_method; content:"/blog_1/overview/ke84h9/lf94416297123919elsfkmtdtyg4/"; http_uri; depth:53; isdataat:!1,relative; content:"franelessac.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422193/; classtype:trojan-activity;sid:81285293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422192)"; flow:established,from_client; content:"GET"; http_method; content:"/manager/closed_box/guarded_warehouse/fkauwxgxl9q_w10knzlpgci/"; http_uri; depth:62; isdataat:!1,relative; content:"www.fuba.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422192/; classtype:trojan-activity;sid:81285292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422191)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422191/; classtype:trojan-activity;sid:81285291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422190)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7cab"; http_uri; depth:25; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422190/; classtype:trojan-activity;sid:81285290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422189)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422189/; classtype:trojan-activity;sid:81285289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422188)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422188/; classtype:trojan-activity;sid:81285288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422187)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422187/; classtype:trojan-activity;sid:81285287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422186)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422186/; classtype:trojan-activity;sid:81285286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422185)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422185/; classtype:trojan-activity;sid:81285285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422184)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422184/; classtype:trojan-activity;sid:81285284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422183)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422183/; classtype:trojan-activity;sid:81285283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422182)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422182/; classtype:trojan-activity;sid:81285282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422181)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422181/; classtype:trojan-activity;sid:81285281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422180)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422180/; classtype:trojan-activity;sid:81285280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422179)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422179/; classtype:trojan-activity;sid:81285279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422178)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422178/; classtype:trojan-activity;sid:81285278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422177)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422177/; classtype:trojan-activity;sid:81285277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422176)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422176/; classtype:trojan-activity;sid:81285276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422175)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422175/; classtype:trojan-activity;sid:81285275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422174)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422174/; classtype:trojan-activity;sid:81285274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422173)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422173/; classtype:trojan-activity;sid:81285273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422172)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6gsdlmpym.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422172/; classtype:trojan-activity;sid:81285272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422171)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422171/; classtype:trojan-activity;sid:81285271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422170)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422170/; classtype:trojan-activity;sid:81285270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422169)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422169/; classtype:trojan-activity;sid:81285269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422168)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422168/; classtype:trojan-activity;sid:81285268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422167)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422167/; classtype:trojan-activity;sid:81285267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422166)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422166/; classtype:trojan-activity;sid:81285266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422165)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422165/; classtype:trojan-activity;sid:81285265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422164)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422164/; classtype:trojan-activity;sid:81285264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422163)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422163/; classtype:trojan-activity;sid:81285263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422162)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422162/; classtype:trojan-activity;sid:81285262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422161)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422161/; classtype:trojan-activity;sid:81285261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422160)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422160/; classtype:trojan-activity;sid:81285260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422159)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422159/; classtype:trojan-activity;sid:81285259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422158)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422158/; classtype:trojan-activity;sid:81285258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422157)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422157/; classtype:trojan-activity;sid:81285257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422156)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422156/; classtype:trojan-activity;sid:81285256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422155)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422155/; classtype:trojan-activity;sid:81285255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422154)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"1iif89rvl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422154/; classtype:trojan-activity;sid:81285254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422153)"; flow:established,from_client; content:"GET"; http_method; content:"/steiin-admin/lm/5ncuavl6fq/"; http_uri; depth:28; isdataat:!1,relative; content:"gabrielfelipe.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422153/; classtype:trojan-activity;sid:81285253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.207.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422152/; classtype:trojan-activity;sid:81285252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.216.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422151/; classtype:trojan-activity;sid:81285251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.70.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422150/; classtype:trojan-activity;sid:81285250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.81.154.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422149/; classtype:trojan-activity;sid:81285249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.77.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422148/; classtype:trojan-activity;sid:81285248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.27.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422147/; classtype:trojan-activity;sid:81285247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.85.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422146/; classtype:trojan-activity;sid:81285246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.136.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422145/; classtype:trojan-activity;sid:81285245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.40.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422144/; classtype:trojan-activity;sid:81285244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422143/; classtype:trojan-activity;sid:81285243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.171.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422142/; classtype:trojan-activity;sid:81285242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.109.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422141/; classtype:trojan-activity;sid:81285241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422140)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422140/; classtype:trojan-activity;sid:81285240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422139)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422139/; classtype:trojan-activity;sid:81285239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422138)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422138/; classtype:trojan-activity;sid:81285238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422137)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422137/; classtype:trojan-activity;sid:81285237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422136)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422136/; classtype:trojan-activity;sid:81285236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422135)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422135/; classtype:trojan-activity;sid:81285235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422134)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422134/; classtype:trojan-activity;sid:81285234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422133)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422133/; classtype:trojan-activity;sid:81285233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422132)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422132/; classtype:trojan-activity;sid:81285232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422131)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422131/; classtype:trojan-activity;sid:81285231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422130)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422130/; classtype:trojan-activity;sid:81285230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422129)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422129/; classtype:trojan-activity;sid:81285229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422128)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422128/; classtype:trojan-activity;sid:81285228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422127)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422127/; classtype:trojan-activity;sid:81285227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422126)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422126/; classtype:trojan-activity;sid:81285226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422125)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422125/; classtype:trojan-activity;sid:81285225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422124)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422124/; classtype:trojan-activity;sid:81285224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422123)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"0eed1ejih.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422123/; classtype:trojan-activity;sid:81285223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422122)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zs2001-apm-888088/"; http_uri; depth:28; isdataat:!1,relative; content:"djeffries.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422122/; classtype:trojan-activity;sid:81285222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.0.132.173"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422121/; classtype:trojan-activity;sid:81285221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422120)"; flow:established,from_client; content:"GET"; http_method; content:"/garantiasaude/available-resource/guarded-77nx-3k9ptdi3/637769-igsyzn/"; http_uri; depth:70; isdataat:!1,relative; content:"gaoe.com.br"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422120/; classtype:trojan-activity;sid:81285220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422119)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/3j-0wr-000/"; http_uri; depth:21; isdataat:!1,relative; content:"kecsfila.hu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422119/; classtype:trojan-activity;sid:81285219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422118)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/parts_service/tyv2ng/"; http_uri; depth:34; isdataat:!1,relative; content:"goldilockstraining.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422118/; classtype:trojan-activity;sid:81285218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422117)"; flow:established,from_client; content:"GET"; http_method; content:"/chaos.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"149.56.225.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422117/; classtype:trojan-activity;sid:81285217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422116)"; flow:established,from_client; content:"GET"; http_method; content:"/zoeva/open-section/individual-827891-ugllqpiwclqzf/m6uiqj9hsdu-twcli3vu/"; http_uri; depth:73; isdataat:!1,relative; content:"goodbad.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422116/; classtype:trojan-activity;sid:81285216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422115)"; flow:established,from_client; content:"GET"; http_method; content:"/aci/available-7yrkemhow-coa7e2c3x33blm/individual-warehouse/fntyul-3k98dlim/"; http_uri; depth:77; isdataat:!1,relative; content:"aci.serabd.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422115/; classtype:trojan-activity;sid:81285215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422114)"; flow:established,from_client; content:"GET"; http_method; content:"/website/parts_service/"; http_uri; depth:23; isdataat:!1,relative; content:"w4icw.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422114/; classtype:trojan-activity;sid:81285214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422113)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/open_box/close_0298711536_qnjwlpsmis6/65274365448_5uqgk9f0bcvflkdg/"; http_uri; depth:80; isdataat:!1,relative; content:"jawara.pro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422113/; classtype:trojan-activity;sid:81285213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422112)"; flow:established,from_client; content:"GET"; http_method; content:"/1080/documentation/"; http_uri; depth:20; isdataat:!1,relative; content:"backroom.co.nz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422112/; classtype:trojan-activity;sid:81285212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422111)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/vdg7nu3ov7/"; http_uri; depth:15; isdataat:!1,relative; content:"chahooa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422111/; classtype:trojan-activity;sid:81285211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422110)"; flow:established,from_client; content:"GET"; http_method; content:"/print/60ka4484819911634268909r5a94sk9qha44yu/"; http_uri; depth:46; isdataat:!1,relative; content:"isatechnology.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422110/; classtype:trojan-activity;sid:81285210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422109)"; flow:established,from_client; content:"GET"; http_method; content:"/backup_oldfiles/sites/8lf9auekk/53kqs423125233926215bryrb9npsyy/"; http_uri; depth:65; isdataat:!1,relative; content:"lighthouse-safety-solutions.co.uk"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422109/; classtype:trojan-activity;sid:81285209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422108)"; flow:established,from_client; content:"GET"; http_method; content:"/estructuras-livianas/etrac/1xlyekqq33g/"; http_uri; depth:40; isdataat:!1,relative; content:"ingesolutions.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422108/; classtype:trojan-activity;sid:81285208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422107)"; flow:established,from_client; content:"GET"; http_method; content:"/include/inc/"; http_uri; depth:13; isdataat:!1,relative; content:"linesoft.fr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422107/; classtype:trojan-activity;sid:81285207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422106)"; flow:established,from_client; content:"GET"; http_method; content:"/swift/"; http_uri; depth:7; isdataat:!1,relative; content:"lunapizza.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422106/; classtype:trojan-activity;sid:81285206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422105)"; flow:established,from_client; content:"GET"; http_method; content:"/include/inc/"; http_uri; depth:13; isdataat:!1,relative; content:"www.linesoft.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422105/; classtype:trojan-activity;sid:81285205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422104)"; flow:established,from_client; content:"GET"; http_method; content:"/random/sites/8z2nfkn8/0rtv45642848544912c2usf979vz4cxfu5y/"; http_uri; depth:59; isdataat:!1,relative; content:"aptigence.com.au"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422104/; classtype:trojan-activity;sid:81285204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422103)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/rhfvyiy/"; http_uri; depth:17; isdataat:!1,relative; content:"globdesign.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422103/; classtype:trojan-activity;sid:81285203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422102)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvvv/e0aa_nir08_vf/"; http_uri; depth:21; isdataat:!1,relative; content:"itmh.org"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422102/; classtype:trojan-activity;sid:81285202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422101)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/m_57ss_tqngo4r/"; http_uri; depth:27; isdataat:!1,relative; content:"fotoobjetivo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422101/; classtype:trojan-activity;sid:81285201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422100)"; flow:established,from_client; content:"GET"; http_method; content:"/1e8nq_ij3_tq76ahy/"; http_uri; depth:19; isdataat:!1,relative; content:"jdelectronics.com.au"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422100/; classtype:trojan-activity;sid:81285200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422099)"; flow:established,from_client; content:"GET"; http_method; content:"/d3z_knd_g4/"; http_uri; depth:12; isdataat:!1,relative; content:"itvconsult.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422099/; classtype:trojan-activity;sid:81285199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422098)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/q6bk_pwr0_wevmq/"; http_uri; depth:24; isdataat:!1,relative; content:"itkossi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422098/; classtype:trojan-activity;sid:81285198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422097)"; flow:established,from_client; content:"GET"; http_method; content:"/js/common_8tzikrxm_zlpcg8v2/guarded_portal/j6eyojuyoq_0iovjiih/"; http_uri; depth:64; isdataat:!1,relative; content:"scmasabacus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422097/; classtype:trojan-activity;sid:81285197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422096)"; flow:established,from_client; content:"GET"; http_method; content:"/rams/open_x8jgihy_3gpvxmh3xtkt/guarded_profile/5914710691_ihisvlda7gihbqof/"; http_uri; depth:76; isdataat:!1,relative; content:"inbsolutions.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422096/; classtype:trojan-activity;sid:81285196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422095)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvvv/vzuwutd/"; http_uri; depth:15; isdataat:!1,relative; content:"horado.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422095/; classtype:trojan-activity;sid:81285195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422094)"; flow:established,from_client; content:"GET"; http_method; content:"/image/eo-rgs-077537/"; http_uri; depth:21; isdataat:!1,relative; content:"autobike.tw"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422094/; classtype:trojan-activity;sid:81285194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422093)"; flow:established,from_client; content:"GET"; http_method; content:"/sgq/ndmepq/"; http_uri; depth:12; isdataat:!1,relative; content:"capitaladm.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422093/; classtype:trojan-activity;sid:81285193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422092)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/personal-array/19685230-yuz7reuzuqrmrnv-8988541872-sf31dxhwac9u/wsy8ub6ax7-isxs0pvs/"; http_uri; depth:94; isdataat:!1,relative; content:"itmas.com.au"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422092/; classtype:trojan-activity;sid:81285192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422091)"; flow:established,from_client; content:"GET"; http_method; content:"/chaos.x86"; http_uri; depth:10; isdataat:!1,relative; content:"149.56.225.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422091/; classtype:trojan-activity;sid:81285191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422090)"; flow:established,from_client; content:"GET"; http_method; content:"/demo/zl6rm3schv_ar6j935e_module/verifiable_area/549884915170_5uveh3tmsgyea/"; http_uri; depth:76; isdataat:!1,relative; content:"www.calabria.com.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422090/; classtype:trojan-activity;sid:81285190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422089)"; flow:established,from_client; content:"GET"; http_method; content:"/ebanking/34ub1ibpctmc/zkoke5316762927778879wsc8yrs40n4xs7e5g0wh/"; http_uri; depth:65; isdataat:!1,relative; content:"gghekking.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422089/; classtype:trojan-activity;sid:81285189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422088)"; flow:established,from_client; content:"GET"; http_method; content:"/erros/multifunctional_zone/guarded_050947748940_pehq6sgsipjm/npv_s0u3yv14689w5/"; http_uri; depth:80; isdataat:!1,relative; content:"bemnessa.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422088/; classtype:trojan-activity;sid:81285188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422087)"; flow:established,from_client; content:"GET"; http_method; content:"/afm/3s-epxi-43/"; http_uri; depth:16; isdataat:!1,relative; content:"stechman.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422087/; classtype:trojan-activity;sid:81285187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422086)"; flow:established,from_client; content:"GET"; http_method; content:"/wolfsohn.co.uk/closed_resource/open_portal/f2mp_s3869v5/"; http_uri; depth:57; isdataat:!1,relative; content:"benthamstudio.co.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422086/; classtype:trojan-activity;sid:81285186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422085)"; flow:established,from_client; content:"GET"; http_method; content:"/css/mirkyginc/"; http_uri; depth:15; isdataat:!1,relative; content:"stonehouseevents.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422085/; classtype:trojan-activity;sid:81285185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422084)"; flow:established,from_client; content:"GET"; http_method; content:"/index_files/5riht/skjlee8h19/3r3875389870118i19wzyxkdq3r/"; http_uri; depth:58; isdataat:!1,relative; content:"www.cuestionspirits.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422084/; classtype:trojan-activity;sid:81285184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422083)"; flow:established,from_client; content:"GET"; http_method; content:"/old_sitexxxxxxxxxxxxxxxxxxxxxxxx/invoice/9q40uix/"; http_uri; depth:50; isdataat:!1,relative; content:"goldoni.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422083/; classtype:trojan-activity;sid:81285183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422082)"; flow:established,from_client; content:"GET"; http_method; content:"/fcgi-bin/multifunctional-khbuqe6ekcp0klpp-697hanmef/security-area/48402530470-l376n7/"; http_uri; depth:86; isdataat:!1,relative; content:"icacc.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422082/; classtype:trojan-activity;sid:81285182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422081)"; flow:established,from_client; content:"GET"; http_method; content:"/certificates/ot4beu0i-2riv-894132/"; http_uri; depth:35; isdataat:!1,relative; content:"wb0rur.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422081/; classtype:trojan-activity;sid:81285181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422080)"; flow:established,from_client; content:"GET"; http_method; content:"/banco/balance/l346g0rjbvf/kq72860476736qcu4tffv2rty2e9ypk/"; http_uri; depth:59; isdataat:!1,relative; content:"vidrorapido.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422080/; classtype:trojan-activity;sid:81285180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422079)"; flow:established,from_client; content:"GET"; http_method; content:"/ibmm8pqojz8pjr/open-box/security-warehouse/306363-lej4rurzkozury8/"; http_uri; depth:67; isdataat:!1,relative; content:"clanspectre.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422079/; classtype:trojan-activity;sid:81285179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422078)"; flow:established,from_client; content:"GET"; http_method; content:"/biblioteca_d/967506_cpeutmdwki_module/5qrgll4r_k6afsvlld1plgd_area/62511521024_pkmvwvhcg/"; http_uri; depth:90; isdataat:!1,relative; content:"clinsaobento.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422078/; classtype:trojan-activity;sid:81285178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422077)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/m6g965115517737951781n53xtjvr52/"; http_uri; depth:42; isdataat:!1,relative; content:"www.clinicconsortium.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422077/; classtype:trojan-activity;sid:81285177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422076)"; flow:established,from_client; content:"GET"; http_method; content:"/news/ci0a9-6n0-82666/"; http_uri; depth:22; isdataat:!1,relative; content:"craigdphotography.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422076/; classtype:trojan-activity;sid:81285176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422075)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/"; http_uri; depth:21; isdataat:!1,relative; content:"www.ffval.hr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422075/; classtype:trojan-activity;sid:81285175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422074)"; flow:established,from_client; content:"GET"; http_method; content:"/book/lu6ic4k2n7prgw-ik9d9k-zone/verified-profile/z7l07yy1tce1-9v3w8swy5yt0y7/"; http_uri; depth:78; isdataat:!1,relative; content:"comerford.org.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422074/; classtype:trojan-activity;sid:81285174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422073)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/gz/"; http_uri; depth:20; isdataat:!1,relative; content:"creativeworld.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422073/; classtype:trojan-activity;sid:81285173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422072)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/multifunctional-zone/guarded-portal/j5flbvq-m87iwk4in/"; http_uri; depth:66; isdataat:!1,relative; content:"coneymedia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422072/; classtype:trojan-activity;sid:81285172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422071)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/289915-nojxwgpyhzlz-disk/individual-warehouse/29584277322996-enoifipexgvq2a5/"; http_uri; depth:89; isdataat:!1,relative; content:"cosentinoconsult.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422071/; classtype:trojan-activity;sid:81285171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422070)"; flow:established,from_client; content:"GET"; http_method; content:"/gold99.com.tw/ty-8ej-60/"; http_uri; depth:25; isdataat:!1,relative; content:"digipro.com.tw"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422070/; classtype:trojan-activity;sid:81285170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422069)"; flow:established,from_client; content:"GET"; http_method; content:"/views/cog8y53oqe/"; http_uri; depth:18; isdataat:!1,relative; content:"cyper.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422069/; classtype:trojan-activity;sid:81285169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422068)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/personal-152721572730-gls250/corporate-space/2ws4cr0p8pvwbg-u028sux64w2/"; http_uri; depth:81; isdataat:!1,relative; content:"www.industrialequip.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422068/; classtype:trojan-activity;sid:81285168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422067)"; flow:established,from_client; content:"GET"; http_method; content:"/index_htm_files/ymxnsmhr/"; http_uri; depth:26; isdataat:!1,relative; content:"eduprecaro.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422067/; classtype:trojan-activity;sid:81285167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422066)"; flow:established,from_client; content:"GET"; http_method; content:"/dist/js/pages/je22cxqsy/"; http_uri; depth:25; isdataat:!1,relative; content:"flancalfaltd10.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422066/; classtype:trojan-activity;sid:81285166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422065)"; flow:established,from_client; content:"GET"; http_method; content:"/realestate/rjbnr/"; http_uri; depth:18; isdataat:!1,relative; content:"mydcareahomes.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422065/; classtype:trojan-activity;sid:81285165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422064)"; flow:established,from_client; content:"GET"; http_method; content:"/binar/paclm/b6sh9nce6p/"; http_uri; depth:24; isdataat:!1,relative; content:"www.cwa.mx"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422064/; classtype:trojan-activity;sid:81285164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422063)"; flow:established,from_client; content:"GET"; http_method; content:"/dad/b2a2-3dxj-463/"; http_uri; depth:19; isdataat:!1,relative; content:"ejardine.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422063/; classtype:trojan-activity;sid:81285163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422062)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/4jc3o0kkf5136n14s0obie5i3338237o/cvti06n64m39k46u5dq77jfcn1n0vgj0/1596123000000/04109221038025315178/09384270791473589425/1u2qywddyoi4w268jvqavm9kk5kcndigae=download|7c|26|7c|authuser=0|7c|26|7c|nonce=33dobt5l9uo5m|7c|26|7c|user=09384270791473589425|7c|26|7c|hash=2flsdv8s6ram63kdo3mikff02s9caobk"; http_uri; depth:311; isdataat:!1,relative; content:"doc-0g-50-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422062/; classtype:trojan-activity;sid:81285162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422061)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ibrkl/"; http_uri; depth:18; isdataat:!1,relative; content:"lifegiva.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422061/; classtype:trojan-activity;sid:81285161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422060)"; flow:established,from_client; content:"GET"; http_method; content:"/css/multifunctional-zone/6p6fz5872xavk-l6kkagnmmxx-yrjo5qol2oj7pb-9woqaqbj/qwbxe9tcbih-8swx728z44/"; http_uri; depth:99; isdataat:!1,relative; content:"megasolucoesti.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422060/; classtype:trojan-activity;sid:81285160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422059)"; flow:established,from_client; content:"GET"; http_method; content:"/oldcodes/closed_sector/interior_portal/573409027_txvpo6f3wd/"; http_uri; depth:61; isdataat:!1,relative; content:"www.spcc.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422059/; classtype:trojan-activity;sid:81285159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422058)"; flow:established,from_client; content:"GET"; http_method; content:"/firma/luxart/"; http_uri; depth:14; isdataat:!1,relative; content:"inmayjose.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422058/; classtype:trojan-activity;sid:81285158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422057)"; flow:established,from_client; content:"GET"; http_method; content:"/prototype_dev/document/"; http_uri; depth:24; isdataat:!1,relative; content:"utah211.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422057/; classtype:trojan-activity;sid:81285157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422056)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zlicu/"; http_uri; depth:16; isdataat:!1,relative; content:"jonathanfun.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422056/; classtype:trojan-activity;sid:81285156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422055)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wyjh0_a_qa6o72zg/"; http_uri; depth:29; isdataat:!1,relative; content:"jamesgrantguitar.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422055/; classtype:trojan-activity;sid:81285155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422054)"; flow:established,from_client; content:"GET"; http_method; content:"/ts/8okvz_je_lpg9ty/"; http_uri; depth:20; isdataat:!1,relative; content:"jabenitez.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422054/; classtype:trojan-activity;sid:81285154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422053)"; flow:established,from_client; content:"GET"; http_method; content:"/old/wp-content/cache/minify/m_m9_mj/"; http_uri; depth:37; isdataat:!1,relative; content:"www.knightlycomputing.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422053/; classtype:trojan-activity;sid:81285153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422052)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/x6_po_l4bvtd2d/"; http_uri; depth:22; isdataat:!1,relative; content:"ke-s.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422052/; classtype:trojan-activity;sid:81285152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422051)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vx_o492_ej/"; http_uri; depth:21; isdataat:!1,relative; content:"itbparnamirim.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422051/; classtype:trojan-activity;sid:81285151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422050)"; flow:established,from_client; content:"GET"; http_method; content:"/closed_disk/external_space/wy22_v458uxzu002uy/"; http_uri; depth:47; isdataat:!1,relative; content:"anja.nu"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422050/; classtype:trojan-activity;sid:81285150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422049)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut18.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422049/; classtype:trojan-activity;sid:81285149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422048)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut17.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422048/; classtype:trojan-activity;sid:81285148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422047)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut16.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422047/; classtype:trojan-activity;sid:81285147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422046)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut15.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422046/; classtype:trojan-activity;sid:81285146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422045)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut14.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422045/; classtype:trojan-activity;sid:81285145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422044)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422044/; classtype:trojan-activity;sid:81285144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422043)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut12.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422043/; classtype:trojan-activity;sid:81285143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422042)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut11.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422042/; classtype:trojan-activity;sid:81285142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422041)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422041/; classtype:trojan-activity;sid:81285141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422040)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut9cab"; http_uri; depth:25; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422040/; classtype:trojan-activity;sid:81285140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422039)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut8.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422039/; classtype:trojan-activity;sid:81285139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422038)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut7.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422038/; classtype:trojan-activity;sid:81285138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422037)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422037/; classtype:trojan-activity;sid:81285137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422036)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut5.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422036/; classtype:trojan-activity;sid:81285136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422035)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut4.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422035/; classtype:trojan-activity;sid:81285135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422034)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut3.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422034/; classtype:trojan-activity;sid:81285134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422033)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut2.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422033/; classtype:trojan-activity;sid:81285133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422032)"; flow:established,from_client; content:"GET"; http_method; content:"/bolb/jaent.phpl=liut1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"6kd743o1w.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422032/; classtype:trojan-activity;sid:81285132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.227.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422031/; classtype:trojan-activity;sid:81285131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.55.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422030/; classtype:trojan-activity;sid:81285130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.36.26.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422029/; classtype:trojan-activity;sid:81285129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"92.54.237.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422028/; classtype:trojan-activity;sid:81285128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.21.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422027/; classtype:trojan-activity;sid:81285127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.188.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422026/; classtype:trojan-activity;sid:81285126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422025)"; flow:established,from_client; content:"GET"; http_method; content:"/infomagia/bix/"; http_uri; depth:15; isdataat:!1,relative; content:"infomagia.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422025/; classtype:trojan-activity;sid:81285125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422024)"; flow:established,from_client; content:"GET"; http_method; content:"/cursoculinariasaudavel/emv/"; http_uri; depth:28; isdataat:!1,relative; content:"dewide.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422024/; classtype:trojan-activity;sid:81285124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422023)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kh9-nhd-95338/"; http_uri; depth:24; isdataat:!1,relative; content:"agacenter.ro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422023/; classtype:trojan-activity;sid:81285123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422022)"; flow:established,from_client; content:"GET"; http_method; content:"/cache/ic6su7/"; http_uri; depth:14; isdataat:!1,relative; content:"janoshi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422022/; classtype:trojan-activity;sid:81285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422021)"; flow:established,from_client; content:"GET"; http_method; content:"/signature/xb915btdkpnb/sybxs3e32bl/2g0ef934479799577067482sxw5w21t5edfq5c0ka/"; http_uri; depth:78; isdataat:!1,relative; content:"artabout.gr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422021/; classtype:trojan-activity;sid:81285121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422020)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/k_fhsvc_wni2zxzrc/"; http_uri; depth:28; isdataat:!1,relative; content:"scoenuganda.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422020/; classtype:trojan-activity;sid:81285120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422019)"; flow:established,from_client; content:"GET"; http_method; content:"/arturo/w3j1xnp11/"; http_uri; depth:18; isdataat:!1,relative; content:"www.magoenmadrid.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422019/; classtype:trojan-activity;sid:81285119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/closed_disk/verifiable_warehouse/4454466527_r7ojkf/"; http_uri; depth:56; isdataat:!1,relative; content:"kmklawllp.co.ke"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422018/; classtype:trojan-activity;sid:81285118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422017)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xpfdrq/"; http_uri; depth:17; isdataat:!1,relative; content:"bangkokglass.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422017/; classtype:trojan-activity;sid:81285117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422016)"; flow:established,from_client; content:"GET"; http_method; content:"/spark/qozqtwjus/"; http_uri; depth:17; isdataat:!1,relative; content:"sparkcreativeworks.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422016/; classtype:trojan-activity;sid:81285116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422015)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qlgk8wk6ll1458113/"; http_uri; depth:27; isdataat:!1,relative; content:"thehenkins.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422015/; classtype:trojan-activity;sid:81285115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422014)"; flow:established,from_client; content:"GET"; http_method; content:"/journal/nkk7135571/"; http_uri; depth:20; isdataat:!1,relative; content:"blscomputerworks.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422014/; classtype:trojan-activity;sid:81285114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422013)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/kiw586pbrk520193/"; http_uri; depth:29; isdataat:!1,relative; content:"quickwood.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422013/; classtype:trojan-activity;sid:81285113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422012)"; flow:established,from_client; content:"GET"; http_method; content:"/hotel-normandie/1947/nky97u3/4ea1x89704023169y828lkwtz0es1avz/"; http_uri; depth:63; isdataat:!1,relative; content:"www.lokaunet.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422012/; classtype:trojan-activity;sid:81285112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422011)"; flow:established,from_client; content:"GET"; http_method; content:"/logos/oct/vk51tln/ifstp4h269839864890zx0jf6prk/"; http_uri; depth:48; isdataat:!1,relative; content:"bey12.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422011/; classtype:trojan-activity;sid:81285111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422010)"; flow:established,from_client; content:"GET"; http_method; content:"/img/vqsm/"; http_uri; depth:10; isdataat:!1,relative; content:"inzien.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422010/; classtype:trojan-activity;sid:81285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422009)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/sites/g74vm9gs/4b883927243019016csfy17fxlfe44ym3byboz/"; http_uri; depth:63; isdataat:!1,relative; content:"chaoscopia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422009/; classtype:trojan-activity;sid:81285109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422008)"; flow:established,from_client; content:"GET"; http_method; content:"/logssite/paclm/"; http_uri; depth:16; isdataat:!1,relative; content:"firstlineit.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422008/; classtype:trojan-activity;sid:81285108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422007/; classtype:trojan-activity;sid:81285107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422006/; classtype:trojan-activity;sid:81285106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422005)"; flow:established,from_client; content:"GET"; http_method; content:"/css/8411573_qhfohrjicsqmp2d_box/90682778_l3hqoe_profile/091496923549_mt2htfcl62lq5p/"; http_uri; depth:85; isdataat:!1,relative; content:"firemaplegames.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422005/; classtype:trojan-activity;sid:81285105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422004)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/hdbyvnff8una/"; http_uri; depth:35; isdataat:!1,relative; content:"tecnozam.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422004/; classtype:trojan-activity;sid:81285104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.arm"; http_uri; depth:16; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422003/; classtype:trojan-activity;sid:81285103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422002/; classtype:trojan-activity;sid:81285102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422001/; classtype:trojan-activity;sid:81285101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422000/; classtype:trojan-activity;sid:81285100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.x86"; http_uri; depth:16; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421999/; classtype:trojan-activity;sid:81285099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421998/; classtype:trojan-activity;sid:81285098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421997/; classtype:trojan-activity;sid:81285097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421996)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/caiijoty/"; http_uri; depth:18; isdataat:!1,relative; content:"katana.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421996/; classtype:trojan-activity;sid:81285096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421995)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421995/; classtype:trojan-activity;sid:81285095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421994)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421994/; classtype:trojan-activity;sid:81285094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421993)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421993/; classtype:trojan-activity;sid:81285093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421992)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421992/; classtype:trojan-activity;sid:81285092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421991)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421991/; classtype:trojan-activity;sid:81285091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.spc"; http_uri; depth:16; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421990/; classtype:trojan-activity;sid:81285090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421989)"; flow:established,from_client; content:"GET"; http_method; content:"/support/open_array/additional_rza5v37_qk6kzm6rjwoixh/92377040671_cuuoce3h/"; http_uri; depth:75; isdataat:!1,relative; content:"intelligence.com.sg"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421989/; classtype:trojan-activity;sid:81285089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421988)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/speel/"; http_uri; depth:15; isdataat:!1,relative; content:"giantsinthesky.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421988/; classtype:trojan-activity;sid:81285088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421987)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421987/; classtype:trojan-activity;sid:81285087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421986)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421986/; classtype:trojan-activity;sid:81285086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421985)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"159.89.123.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421985/; classtype:trojan-activity;sid:81285085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421984)"; flow:established,from_client; content:"GET"; http_method; content:"/53"; http_uri; depth:3; isdataat:!1,relative; content:"98.159.99.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421984/; classtype:trojan-activity;sid:81285084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421983)"; flow:established,from_client; content:"GET"; http_method; content:"/dgtes300720/dgtes300720.zip"; http_uri; depth:28; isdataat:!1,relative; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421983/; classtype:trojan-activity;sid:81285083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421982)"; flow:established,from_client; content:"GET"; http_method; content:"/jrv_antigo/36qkwciosy6qs-1dxjawwaw-zone/interior-space/qzvecxbs-5g5htj2unr5dj/"; http_uri; depth:79; isdataat:!1,relative; content:"jrvservices.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421982/; classtype:trojan-activity;sid:81285082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421981)"; flow:established,from_client; content:"GET"; http_method; content:"/own/swift/1berhkyl/"; http_uri; depth:20; isdataat:!1,relative; content:"www.intercont.eu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421981/; classtype:trojan-activity;sid:81285081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421980)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/"; http_uri; depth:21; isdataat:!1,relative; content:"www.jsdg.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421980/; classtype:trojan-activity;sid:81285080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421979)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/xubvoifyz/"; http_uri; depth:23; isdataat:!1,relative; content:"kultfitness.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421979/; classtype:trojan-activity;sid:81285079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421978)"; flow:established,from_client; content:"GET"; http_method; content:"/chaos.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"149.56.225.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421978/; classtype:trojan-activity;sid:81285078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421977)"; flow:established,from_client; content:"GET"; http_method; content:"/js/private-module/verified-profile/myoigsxqpsim-0z8u685t/"; http_uri; depth:58; isdataat:!1,relative; content:"altdigital.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421977/; classtype:trojan-activity;sid:81285077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421976)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rlcju-gu-290417/"; http_uri; depth:28; isdataat:!1,relative; content:"www.lerasole.it"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421976/; classtype:trojan-activity;sid:81285076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421975)"; flow:established,from_client; content:"GET"; http_method; content:"/medals/778147664/"; http_uri; depth:18; isdataat:!1,relative; content:"esnconsultants.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421975/; classtype:trojan-activity;sid:81285075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.132.24.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421974/; classtype:trojan-activity;sid:81285074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421973)"; flow:established,from_client; content:"GET"; http_method; content:"/6aqjxtad-7c1-01/"; http_uri; depth:17; isdataat:!1,relative; content:"ldgcorp.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421973/; classtype:trojan-activity;sid:81285073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421972)"; flow:established,from_client; content:"GET"; http_method; content:"//libraries/bankbankgg.exe"; http_uri; depth:26; isdataat:!1,relative; content:"www.epyorke.edu.bz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421972/; classtype:trojan-activity;sid:81285072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421971)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/browse/nfy6gx113300005267668887eps7evqjczwlh1eyi8mx1d/"; http_uri; depth:63; isdataat:!1,relative; content:"kontaci.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421971/; classtype:trojan-activity;sid:81285071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421970)"; flow:established,from_client; content:"GET"; http_method; content:"/test/udmtr/"; http_uri; depth:12; isdataat:!1,relative; content:"www.libertolaw.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421970/; classtype:trojan-activity;sid:81285070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421969)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/private_array/interior_cloud/43197515760197_afdbr5sjxttxa/"; http_uri; depth:66; isdataat:!1,relative; content:"www.kriskate.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421969/; classtype:trojan-activity;sid:81285069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421968)"; flow:established,from_client; content:"GET"; http_method; content:"/vddb/esp/"; http_uri; depth:10; isdataat:!1,relative; content:"kupkes.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421968/; classtype:trojan-activity;sid:81285068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421967)"; flow:established,from_client; content:"GET"; http_method; content:"/guest/public/"; http_uri; depth:14; isdataat:!1,relative; content:"lancon.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421967/; classtype:trojan-activity;sid:81285067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421966)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/docs/2gge4ej/"; http_uri; depth:24; isdataat:!1,relative; content:"laschuk.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421966/; classtype:trojan-activity;sid:81285066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421965)"; flow:established,from_client; content:"GET"; http_method; content:"/connections/personal_615619753_43j6pbfo/individual_space/pihytuthz_m7qskb96cddi/"; http_uri; depth:81; isdataat:!1,relative; content:"www.kunsttrip.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421965/; classtype:trojan-activity;sid:81285065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421964)"; flow:established,from_client; content:"GET"; http_method; content:"/f07w_pzamtx0kz2jp_sector/verified_warehouse/7445119449_mbxckpb9/"; http_uri; depth:65; isdataat:!1,relative; content:"ktbcs.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421964/; classtype:trojan-activity;sid:81285064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421963)"; flow:established,from_client; content:"GET"; http_method; content:"/lm/szfb5c54/"; http_uri; depth:13; isdataat:!1,relative; content:"laurenebohn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421963/; classtype:trojan-activity;sid:81285063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421962)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/overview/teei81i/"; http_uri; depth:24; isdataat:!1,relative; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421962/; classtype:trojan-activity;sid:81285062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421961)"; flow:established,from_client; content:"GET"; http_method; content:"/gedcomfiles/nw7gitwu6/0oak72363624345bs7okhmb3/"; http_uri; depth:48; isdataat:!1,relative; content:"lindasfamilytrees.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421961/; classtype:trojan-activity;sid:81285061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421960)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lwnwmvay/"; http_uri; depth:18; isdataat:!1,relative; content:"lingledist.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421960/; classtype:trojan-activity;sid:81285060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421959)"; flow:established,from_client; content:"GET"; http_method; content:"/corvette/dtay/"; http_uri; depth:15; isdataat:!1,relative; content:"virtualmillers.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421959/; classtype:trojan-activity;sid:81285059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421958)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/1yp/"; http_uri; depth:12; isdataat:!1,relative; content:"surguy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421958/; classtype:trojan-activity;sid:81285058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421957)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/b40e81/"; http_uri; depth:19; isdataat:!1,relative; content:"juniorsplayground.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421957/; classtype:trojan-activity;sid:81285057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421956)"; flow:established,from_client; content:"GET"; http_method; content:"/3wgf/"; http_uri; depth:6; isdataat:!1,relative; content:"katebayless.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421956/; classtype:trojan-activity;sid:81285056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421955)"; flow:established,from_client; content:"GET"; http_method; content:"/wvw/jp004459/"; http_uri; depth:14; isdataat:!1,relative; content:"charihome.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421955/; classtype:trojan-activity;sid:81285055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421954)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/gm/"; http_uri; depth:10; isdataat:!1,relative; content:"www.loveslap.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421954/; classtype:trojan-activity;sid:81285054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421953)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbs/cm/css/72405/l02wb5/"; http_uri; depth:28; isdataat:!1,relative; content:"loboelhouwers.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421953/; classtype:trojan-activity;sid:81285053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421952)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/299024650/"; http_uri; depth:19; isdataat:!1,relative; content:"lmimpresiones.cl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421952/; classtype:trojan-activity;sid:81285052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421951)"; flow:established,from_client; content:"GET"; http_method; content:"/opengarden/ecte/"; http_uri; depth:17; isdataat:!1,relative; content:"lucienc.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421951/; classtype:trojan-activity;sid:81285051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421950)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/balance/tdfu46666340722745c16g659jfn01hq5gs/"; http_uri; depth:56; isdataat:!1,relative; content:"logotypfabriken.se"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421950/; classtype:trojan-activity;sid:81285050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421949)"; flow:established,from_client; content:"GET"; http_method; content:"/fogkbv-rl-843138/"; http_uri; depth:18; isdataat:!1,relative; content:"lunny.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421949/; classtype:trojan-activity;sid:81285049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421948)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts_index/attachments/df74rpt7r/"; http_uri; depth:37; isdataat:!1,relative; content:"luchies.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421948/; classtype:trojan-activity;sid:81285048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421947)"; flow:established,from_client; content:"GET"; http_method; content:"/oldsite/payment/ki1u109375710aw5vp7o5319jq/"; http_uri; depth:44; isdataat:!1,relative; content:"lubbocksss.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421947/; classtype:trojan-activity;sid:81285047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421946)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uk7-u6-9136/"; http_uri; depth:22; isdataat:!1,relative; content:"luizazan.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421946/; classtype:trojan-activity;sid:81285046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421945)"; flow:established,from_client; content:"GET"; http_method; content:"/referencje/esp/uwhqg2668285910mp4wq347u9x5qpu/"; http_uri; depth:47; isdataat:!1,relative; content:"luczakj.c0.pl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421945/; classtype:trojan-activity;sid:81285045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421944)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ggwipb/"; http_uri; depth:20; isdataat:!1,relative; content:"lotuspolymers.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421944/; classtype:trojan-activity;sid:81285044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421943)"; flow:established,from_client; content:"GET"; http_method; content:"/audio/lm/"; http_uri; depth:10; isdataat:!1,relative; content:"magdork.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421943/; classtype:trojan-activity;sid:81285043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421942)"; flow:established,from_client; content:"GET"; http_method; content:"/paclm/n389338722w6hiss0ntgl06s4672y/"; http_uri; depth:37; isdataat:!1,relative; content:"luilao.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421942/; classtype:trojan-activity;sid:81285042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421941)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/esp/nw523892229086842bdpbyjxvyq5fz49g/"; http_uri; depth:55; isdataat:!1,relative; content:"luggares.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421941/; classtype:trojan-activity;sid:81285041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421940)"; flow:established,from_client; content:"GET"; http_method; content:"/blog_img/lpary2-lu-94322/"; http_uri; depth:26; isdataat:!1,relative; content:"www.magsoft.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421940/; classtype:trojan-activity;sid:81285040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421939)"; flow:established,from_client; content:"GET"; http_method; content:"/wwvv2/90-1i-3993/"; http_uri; depth:18; isdataat:!1,relative; content:"iserrat.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421939/; classtype:trojan-activity;sid:81285039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421938)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"152.250.47.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421938/; classtype:trojan-activity;sid:81285038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421937)"; flow:established,from_client; content:"GET"; http_method; content:"/photosbyrob.net/balance/71shau33243030126802pwjsvj580zyh9imi/"; http_uri; depth:62; isdataat:!1,relative; content:"madebyrob.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421937/; classtype:trojan-activity;sid:81285037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.23.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421936/; classtype:trojan-activity;sid:81285036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.51.202.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421935/; classtype:trojan-activity;sid:81285035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.117.152.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421934/; classtype:trojan-activity;sid:81285034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421933/; classtype:trojan-activity;sid:81285033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.104.248.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421932/; classtype:trojan-activity;sid:81285032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421931)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/b5mzdpb-si-99862/"; http_uri; depth:30; isdataat:!1,relative; content:"itgastaldi.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421931/; classtype:trojan-activity;sid:81285031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421930)"; flow:established,from_client; content:"GET"; http_method; content:"/kep_kulcstarto_kicsi/siij1n-wry7-591374/"; http_uri; depth:41; isdataat:!1,relative; content:"kelomotor.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421930/; classtype:trojan-activity;sid:81285030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.32.203.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421929/; classtype:trojan-activity;sid:81285029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"175.206.84.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421928/; classtype:trojan-activity;sid:81285028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421927)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/iwq3rgt2iaj/"; http_uri; depth:30; isdataat:!1,relative; content:"vailventures.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421927/; classtype:trojan-activity;sid:81285027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421926)"; flow:established,from_client; content:"GET"; http_method; content:"/vivantphoto/report/y2nfl582427761627221jle7pggwyc62khivc3j611/"; http_uri; depth:63; isdataat:!1,relative; content:"ishbudesign.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421926/; classtype:trojan-activity;sid:81285026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421925)"; flow:established,from_client; content:"GET"; http_method; content:"/swift/w2936888764695127646oqtynli3xg7xsmj8qbtd/"; http_uri; depth:48; isdataat:!1,relative; content:"ishtera.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421925/; classtype:trojan-activity;sid:81285025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421924)"; flow:established,from_client; content:"GET"; http_method; content:"/print/60ka4484819911634268909r5a94sk9qha44yu/"; http_uri; depth:46; isdataat:!1,relative; content:"www.isatechnology.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421924/; classtype:trojan-activity;sid:81285024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421923)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/google.mips"; http_uri; depth:17; isdataat:!1,relative; content:"198.100.159.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421923/; classtype:trojan-activity;sid:81285023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421922)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/doc/"; http_uri; depth:13; isdataat:!1,relative; content:"karenfishermusic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421922/; classtype:trojan-activity;sid:81285022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421921)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gn6fnf6f"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421921/; classtype:trojan-activity;sid:81285021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421920)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/beah3uu3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421920/; classtype:trojan-activity;sid:81285020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421919)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yj9lfygb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421919/; classtype:trojan-activity;sid:81285019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421918)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e5ry8f9d"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421918/; classtype:trojan-activity;sid:81285018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421917)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/raktuwct"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421917/; classtype:trojan-activity;sid:81285017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421916)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1b7w9jv1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421916/; classtype:trojan-activity;sid:81285016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421915)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/swift/"; http_uri; depth:18; isdataat:!1,relative; content:"kerosky.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421915/; classtype:trojan-activity;sid:81285015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421914)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inc/egklww4213856084mdhayqgk1zafvni4vpb/"; http_uri; depth:53; isdataat:!1,relative; content:"www.isisjade.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421914/; classtype:trojan-activity;sid:81285014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421913)"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/mode/aps.exe"; http_uri; depth:21; isdataat:!1,relative; content:"auxmalishoes.ga"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421913/; classtype:trojan-activity;sid:81285013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421912)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.60.106.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421912/; classtype:trojan-activity;sid:81285012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421911)"; flow:established,from_client; content:"GET"; http_method; content:"/thais/q2cgiibo0rg/8f62669073955108j5obt9dp8n3/"; http_uri; depth:47; isdataat:!1,relative; content:"irlenmenezes.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421911/; classtype:trojan-activity;sid:81285011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421910)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/oo511lkbwz2k/iv5457767573326884l709fjy5ls6up/"; http_uri; depth:52; isdataat:!1,relative; content:"jamesbillingsley.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421910/; classtype:trojan-activity;sid:81285010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421909)"; flow:established,from_client; content:"GET"; http_method; content:"/emarketing2/etrac/"; http_uri; depth:19; isdataat:!1,relative; content:"jamconsulting.com.au"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421909/; classtype:trojan-activity;sid:81285009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421908)"; flow:established,from_client; content:"GET"; http_method; content:"/_media/vcpg_k56w_8d5/"; http_uri; depth:22; isdataat:!1,relative; content:"kmgusa.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421908/; classtype:trojan-activity;sid:81285008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421907)"; flow:established,from_client; content:"GET"; http_method; content:"/now/marck-script/c3j0x_6_8z2g0sdd/"; http_uri; depth:35; isdataat:!1,relative; content:"webpresario.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421907/; classtype:trojan-activity;sid:81285007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421906)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ni9tn_7_6aiui/"; http_uri; depth:26; isdataat:!1,relative; content:"www.geodesign07.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421906/; classtype:trojan-activity;sid:81285006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421905)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/u_a_vn/"; http_uri; depth:20; isdataat:!1,relative; content:"saangberg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421905/; classtype:trojan-activity;sid:81285005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421904)"; flow:established,from_client; content:"GET"; http_method; content:"/stylesheets/46_b_ez5p/"; http_uri; depth:23; isdataat:!1,relative; content:"www.merlincolor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421904/; classtype:trojan-activity;sid:81285004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421903)"; flow:established,from_client; content:"GET"; http_method; content:"/lf0709yedm/etrac/zsf9ft4i8c6p/"; http_uri; depth:31; isdataat:!1,relative; content:"janakre.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421903/; classtype:trojan-activity;sid:81285003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421902)"; flow:established,from_client; content:"GET"; http_method; content:"/produtos/qedyt/"; http_uri; depth:16; isdataat:!1,relative; content:"randradeseguros.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421902/; classtype:trojan-activity;sid:81285002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421901)"; flow:established,from_client; content:"GET"; http_method; content:"/balance/"; http_uri; depth:9; isdataat:!1,relative; content:"jamisonplazanews.com.au"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421901/; classtype:trojan-activity;sid:81285001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421900)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.246.225.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421900/; classtype:trojan-activity;sid:81285000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421899)"; flow:established,from_client; content:"GET"; http_method; content:"/cache/ic6su7/"; http_uri; depth:14; isdataat:!1,relative; content:"www.janoshi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421899/; classtype:trojan-activity;sid:81284999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421898)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/12dlpe5/"; http_uri; depth:21; isdataat:!1,relative; content:"jasonb.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421898/; classtype:trojan-activity;sid:81284998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421897)"; flow:established,from_client; content:"GET"; http_method; content:"/css/reporting/po3x708837819192166196fun7k976gnpv/"; http_uri; depth:50; isdataat:!1,relative; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421897/; classtype:trojan-activity;sid:81284997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421896)"; flow:established,from_client; content:"GET"; http_method; content:"/selfie365.me/payment/gxz5iig0/r2453600824905i06n9m1y1g/"; http_uri; depth:56; isdataat:!1,relative; content:"jenthornton.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421896/; classtype:trojan-activity;sid:81284996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421895)"; flow:established,from_client; content:"GET"; http_method; content:"/joomlatest/parts_service/"; http_uri; depth:26; isdataat:!1,relative; content:"jessicaschochphotography.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421895/; classtype:trojan-activity;sid:81284995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421894)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/browse/"; http_uri; depth:16; isdataat:!1,relative; content:"jestteesn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421894/; classtype:trojan-activity;sid:81284994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421893)"; flow:established,from_client; content:"GET"; http_method; content:"/public/wu6orx46683709305doo0m9879tm/"; http_uri; depth:37; isdataat:!1,relative; content:"jetmundsen.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421893/; classtype:trojan-activity;sid:81284993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421892)"; flow:established,from_client; content:"GET"; http_method; content:"/bpkpuljwg1u2ag5.exe"; http_uri; depth:20; isdataat:!1,relative; content:"8hebrew.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421892/; classtype:trojan-activity;sid:81284992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421891)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/93lyz1xaxrc5/g17033349632990yn3foczzqq/"; http_uri; depth:55; isdataat:!1,relative; content:"jetjackinc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421891/; classtype:trojan-activity;sid:81284991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421890)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/reporting/1xkor79915729116201642hw8honlznv86cctm/"; http_uri; depth:60; isdataat:!1,relative; content:"jimbrashear.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421890/; classtype:trojan-activity;sid:81284990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421889)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.x86"; http_uri; depth:35; isdataat:!1,relative; content:"37.49.224.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421889/; classtype:trojan-activity;sid:81284989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421888)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mpsl"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.224.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421888/; classtype:trojan-activity;sid:81284988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421887)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.mips"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.224.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421887/; classtype:trojan-activity;sid:81284987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421886)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm5"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.224.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421886/; classtype:trojan-activity;sid:81284986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421885)"; flow:established,from_client; content:"GET"; http_method; content:"/balance/ceuacg/"; http_uri; depth:16; isdataat:!1,relative; content:"johnstranovsky.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421885/; classtype:trojan-activity;sid:81284985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421884)"; flow:established,from_client; content:"GET"; http_method; content:"/ohcho7wyrf9w3ey.exe"; http_uri; depth:20; isdataat:!1,relative; content:"8hebrew.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421884/; classtype:trojan-activity;sid:81284984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//911.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"45.95.168.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421883/; classtype:trojan-activity;sid:81284983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421882)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm"; http_uri; depth:27; isdataat:!1,relative; content:"185.172.110.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421882/; classtype:trojan-activity;sid:81284982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421881)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/swift/ya70132464563i0fsbynx8oen1/"; http_uri; depth:45; isdataat:!1,relative; content:"jimlutzforohio.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421881/; classtype:trojan-activity;sid:81284981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421880)"; flow:established,from_client; content:"GET"; http_method; content:"/evelaer/12i162369041528686404666hlvx89lok/"; http_uri; depth:43; isdataat:!1,relative; content:"joswinter.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421880/; classtype:trojan-activity;sid:81284980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421879)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fm8fuk4td9hu9s0/odeme.7z/file"; http_uri; depth:35; isdataat:!1,relative; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421879/; classtype:trojan-activity;sid:81284979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421878)"; flow:established,from_client; content:"GET"; http_method; content:"/gallery/public/0soxhi9gcj/eme42u2766527950471035zum0ezi86jhpcg2rk6/"; http_uri; depth:68; isdataat:!1,relative; content:"karenscuts.biz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421878/; classtype:trojan-activity;sid:81284978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421877)"; flow:established,from_client; content:"GET"; http_method; content:"/plesk-stat/personal-array/security-s94-wwfhjs4woa0c90e/0ebs0k-8t9x3241tvtvy/"; http_uri; depth:77; isdataat:!1,relative; content:"garethjames.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421877/; classtype:trojan-activity;sid:81284977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421876)"; flow:established,from_client; content:"GET"; http_method; content:"/images/report/ivtxrc7ryatx/"; http_uri; depth:28; isdataat:!1,relative; content:"kcimage.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421876/; classtype:trojan-activity;sid:81284976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421875)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ohy758/"; http_uri; depth:15; isdataat:!1,relative; content:"nixoid.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421875/; classtype:trojan-activity;sid:81284975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421874)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/oanf682/"; http_uri; depth:17; isdataat:!1,relative; content:"kompkon.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421874/; classtype:trojan-activity;sid:81284974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421873)"; flow:established,from_client; content:"GET"; http_method; content:"/eazylot.com/scviwfsxr/"; http_uri; depth:23; isdataat:!1,relative; content:"instamal.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421873/; classtype:trojan-activity;sid:81284973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421872)"; flow:established,from_client; content:"GET"; http_method; content:"/images/30v/"; http_uri; depth:12; isdataat:!1,relative; content:"bostonseafarms.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421872/; classtype:trojan-activity;sid:81284972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421871)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jl173/"; http_uri; depth:18; isdataat:!1,relative; content:"www.moverviseu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421871/; classtype:trojan-activity;sid:81284971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421870)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"179.179.36.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421870/; classtype:trojan-activity;sid:81284970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421869)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/file/57zm40646394379430olk0h96ebu/"; http_uri; depth:41; isdataat:!1,relative; content:"keistadweb.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421869/; classtype:trojan-activity;sid:81284969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421868)"; flow:established,from_client; content:"GET"; http_method; content:"/images/payment/bvc284030016506aving9wh6llfaqmc/"; http_uri; depth:48; isdataat:!1,relative; content:"kentsparkman.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421868/; classtype:trojan-activity;sid:81284968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421867)"; flow:established,from_client; content:"GET"; http_method; content:"/scan/7bty5xg/"; http_uri; depth:14; isdataat:!1,relative; content:"kereselidze.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421867/; classtype:trojan-activity;sid:81284967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421866)"; flow:established,from_client; content:"GET"; http_method; content:"/tfnx/reporting/"; http_uri; depth:16; isdataat:!1,relative; content:"kevincameron.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421866/; classtype:trojan-activity;sid:81284966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421865)"; flow:established,from_client; content:"GET"; http_method; content:"/8wzwqmkw"; http_uri; depth:9; isdataat:!1,relative; content:"horoscopelatae.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421865/; classtype:trojan-activity;sid:81284965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421864)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/og2n94859134863356kubxol0r0gyldf1ob6789/"; http_uri; depth:61; isdataat:!1,relative; content:"khaiy.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421864/; classtype:trojan-activity;sid:81284964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421863)"; flow:established,from_client; content:"GET"; http_method; content:"/john/file/"; http_uri; depth:11; isdataat:!1,relative; content:"keyesfamily.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421863/; classtype:trojan-activity;sid:81284963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421862)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/report/kbvlhu4o/g97827940366v7x8vn9crvlv50dkj/"; http_uri; depth:53; isdataat:!1,relative; content:"kevsun.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421862/; classtype:trojan-activity;sid:81284962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.157.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421861/; classtype:trojan-activity;sid:81284961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.117.188.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421860/; classtype:trojan-activity;sid:81284960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.183.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421859/; classtype:trojan-activity;sid:81284959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421858/; classtype:trojan-activity;sid:81284958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421857/; classtype:trojan-activity;sid:81284957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421856/; classtype:trojan-activity;sid:81284956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.88.102.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421855/; classtype:trojan-activity;sid:81284955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.45.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421854/; classtype:trojan-activity;sid:81284954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.199.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421853/; classtype:trojan-activity;sid:81284953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421852)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/1h91ljzmjm4rqbneapmgbsa75prwg8wavobeh-blna-o/pub"; http_uri; depth:60; isdataat:!1,relative; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421852/; classtype:trojan-activity;sid:81284952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421851)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.32.52.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421851/; classtype:trojan-activity;sid:81284951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421850)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"179.110.206.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421850/; classtype:trojan-activity;sid:81284950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421849)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.182.215.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421849/; classtype:trojan-activity;sid:81284949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421848)"; flow:established,from_client; content:"GET"; http_method; content:"/logs/tqh/"; http_uri; depth:10; isdataat:!1,relative; content:"barkhone.ir"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421848/; classtype:trojan-activity;sid:81284948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421847)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/imc97lw278iw91398794/"; http_uri; depth:25; isdataat:!1,relative; content:"fericire.zamira.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421847/; classtype:trojan-activity;sid:81284947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421846)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/kuzfc658768/"; http_uri; depth:27; isdataat:!1,relative; content:"www.earnmoneynow.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421846/; classtype:trojan-activity;sid:81284946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421845)"; flow:established,from_client; content:"GET"; http_method; content:"/radio/cqdun43o75761/"; http_uri; depth:21; isdataat:!1,relative; content:"diavlos6.gr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421845/; classtype:trojan-activity;sid:81284945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421844)"; flow:established,from_client; content:"GET"; http_method; content:"/picaboud/images/4k9w0176085/"; http_uri; depth:29; isdataat:!1,relative; content:"binaboud.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421844/; classtype:trojan-activity;sid:81284944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421843)"; flow:established,from_client; content:"GET"; http_method; content:"/admin786/dgfyo/"; http_uri; depth:16; isdataat:!1,relative; content:"vtechnocrat.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421843/; classtype:trojan-activity;sid:81284943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421842/; classtype:trojan-activity;sid:81284942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421841/; classtype:trojan-activity;sid:81284941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421840/; classtype:trojan-activity;sid:81284940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421839)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/no77z_k3_azs/"; http_uri; depth:23; isdataat:!1,relative; content:"bartboutens.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421839/; classtype:trojan-activity;sid:81284939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421838)"; flow:established,from_client; content:"GET"; http_method; content:"/videos/4wl_0q0m_g61c3/"; http_uri; depth:23; isdataat:!1,relative; content:"whatsappsenderpro.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421838/; classtype:trojan-activity;sid:81284938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421837)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ha_s5_3wf/"; http_uri; depth:20; isdataat:!1,relative; content:"webappbr.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421837/; classtype:trojan-activity;sid:81284937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421836)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xrmq_7ug_ttv/"; http_uri; depth:25; isdataat:!1,relative; content:"www.cotrafina.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421836/; classtype:trojan-activity;sid:81284936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421835)"; flow:established,from_client; content:"GET"; http_method; content:"/public/iu1c_vtucu_ruec/"; http_uri; depth:24; isdataat:!1,relative; content:"amventas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421835/; classtype:trojan-activity;sid:81284935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421834/; classtype:trojan-activity;sid:81284934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421833/; classtype:trojan-activity;sid:81284933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421832/; classtype:trojan-activity;sid:81284932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421831)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421831/; classtype:trojan-activity;sid:81284931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421830)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421830/; classtype:trojan-activity;sid:81284930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421829/; classtype:trojan-activity;sid:81284929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421828)"; flow:established,from_client; content:"GET"; http_method; content:"/_bordershacked/hacked/czji/"; http_uri; depth:28; isdataat:!1,relative; content:"ebe.dk"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421828/; classtype:trojan-activity;sid:81284928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421827)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421827/; classtype:trojan-activity;sid:81284927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421826/; classtype:trojan-activity;sid:81284926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421825)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421825/; classtype:trojan-activity;sid:81284925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421824/; classtype:trojan-activity;sid:81284924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421823/; classtype:trojan-activity;sid:81284923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421822)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-keys.php"; http_uri; depth:12; isdataat:!1,relative; content:"xingfa.storeminhduong.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421822/; classtype:trojan-activity;sid:81284922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421821/; classtype:trojan-activity;sid:81284921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421820/; classtype:trojan-activity;sid:81284920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421819/; classtype:trojan-activity;sid:81284919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421818/; classtype:trojan-activity;sid:81284918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421817/; classtype:trojan-activity;sid:81284917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421816/; classtype:trojan-activity;sid:81284916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421815)"; flow:established,from_client; content:"GET"; http_method; content:"/_bordershacked/hacked/gwsnk-wgkb2u6b6iwwmcy_tbyeojxk-kgb/"; http_uri; depth:58; isdataat:!1,relative; content:"ebe.dk"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421815/; classtype:trojan-activity;sid:81284915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421814)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/"; http_uri; depth:17; isdataat:!1,relative; content:"bendys.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421814/; classtype:trojan-activity;sid:81284914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421813)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/skanda/thursbisquit.exe"; http_uri; depth:42; isdataat:!1,relative; content:"14cam.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421813/; classtype:trojan-activity;sid:81284913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421812)"; flow:established,from_client; content:"GET"; http_method; content:"/ajd/invoice/mpze2u9/"; http_uri; depth:21; isdataat:!1,relative; content:"www.gammatron.com.au"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421812/; classtype:trojan-activity;sid:81284912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421811)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/"; http_uri; depth:17; isdataat:!1,relative; content:"www.bendys.com.au"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421811/; classtype:trojan-activity;sid:81284911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"45.143.223.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421810/; classtype:trojan-activity;sid:81284910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421809)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"164.90.224.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421809/; classtype:trojan-activity;sid:81284909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.x86"; http_uri; depth:23; isdataat:!1,relative; content:"103.1.187.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421808/; classtype:trojan-activity;sid:81284908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"165.22.198.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421807/; classtype:trojan-activity;sid:81284907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"192.3.194.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421806/; classtype:trojan-activity;sid:81284906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421805)"; flow:established,from_client; content:"GET"; http_method; content:"/oke_qrerqi1.bin"; http_uri; depth:16; isdataat:!1,relative; content:"seedwellresources.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421805/; classtype:trojan-activity;sid:81284905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421804)"; flow:established,from_client; content:"GET"; http_method; content:"/website.irenicinternational.in/fftf/"; http_uri; depth:37; isdataat:!1,relative; content:"irenicinternational.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421804/; classtype:trojan-activity;sid:81284904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421803)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/yxar/"; http_uri; depth:14; isdataat:!1,relative; content:"rhema.com.sg"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421803/; classtype:trojan-activity;sid:81284903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421802)"; flow:established,from_client; content:"GET"; http_method; content:"/_bordershacked/open_zone/security_area/b2jys09lmne9_7x511w3242360/"; http_uri; depth:67; isdataat:!1,relative; content:"ebe.dk"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421802/; classtype:trojan-activity;sid:81284902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421801)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/3y_m0cbe_lpgoj7z/"; http_uri; depth:26; isdataat:!1,relative; content:"librero.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421801/; classtype:trojan-activity;sid:81284901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421800)"; flow:established,from_client; content:"GET"; http_method; content:"/antiguo/hlm9k565/"; http_uri; depth:18; isdataat:!1,relative; content:"www.inkarainbow.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421800/; classtype:trojan-activity;sid:81284900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421799)"; flow:established,from_client; content:"GET"; http_method; content:"/light_php/5qj6/"; http_uri; depth:16; isdataat:!1,relative; content:"www.bladimirindustrial.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421799/; classtype:trojan-activity;sid:81284899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421798)"; flow:established,from_client; content:"GET"; http_method; content:"/images/xodbxe0x6/"; http_uri; depth:18; isdataat:!1,relative; content:"www.cankoc.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421798/; classtype:trojan-activity;sid:81284898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421797)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/4no/"; http_uri; depth:14; isdataat:!1,relative; content:"deegit.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421797/; classtype:trojan-activity;sid:81284897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421796)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/dbkl403/"; http_uri; depth:21; isdataat:!1,relative; content:"www.fedaicoskun.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421796/; classtype:trojan-activity;sid:81284896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421795)"; flow:established,from_client; content:"GET"; http_method; content:"/thisshit"; http_uri; depth:9; isdataat:!1,relative; content:"preoccupationology.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421795/; classtype:trojan-activity;sid:81284895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421794)"; flow:established,from_client; content:"GET"; http_method; content:"/nizis.txt"; http_uri; depth:10; isdataat:!1,relative; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421794/; classtype:trojan-activity;sid:81284894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421793)"; flow:established,from_client; content:"GET"; http_method; content:"/scan_invoice00000002020233.rev"; http_uri; depth:31; isdataat:!1,relative; content:"kandiieshair.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421793/; classtype:trojan-activity;sid:81284893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421792)"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=18ee3d7ea90176b1|7c|26|7c|resid=18ee3d7ea90176b1%21225|7c|26|7c|authkey=aje5_6by8zdua_i"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421792/; classtype:trojan-activity;sid:81284892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421791)"; flow:established,from_client; content:"GET"; http_method; content:"/file/s2uz2ekvd6zj5es/odeme_belgesi.7z/file"; http_uri; depth:43; isdataat:!1,relative; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421791/; classtype:trojan-activity;sid:81284891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421790)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"125.128.163.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421790/; classtype:trojan-activity;sid:81284890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421789)"; flow:established,from_client; content:"GET"; http_method; content:"/simonxz/simonxz.exe"; http_uri; depth:20; isdataat:!1,relative; content:"abass.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421789/; classtype:trojan-activity;sid:81284889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421788)"; flow:established,from_client; content:"GET"; http_method; content:"/pi/ag7u8kavgsbct6d.exe"; http_uri; depth:23; isdataat:!1,relative; content:"biz9holdings.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421788/; classtype:trojan-activity;sid:81284888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421787)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.127.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421787/; classtype:trojan-activity;sid:81284887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.242.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421786/; classtype:trojan-activity;sid:81284886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.82.249.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421785/; classtype:trojan-activity;sid:81284885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.55.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421784/; classtype:trojan-activity;sid:81284884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.101.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421783/; classtype:trojan-activity;sid:81284883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.38.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421782/; classtype:trojan-activity;sid:81284882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.149.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421781/; classtype:trojan-activity;sid:81284881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421780)"; flow:established,from_client; content:"GET"; http_method; content:"/own.exe"; http_uri; depth:8; isdataat:!1,relative; content:"gaytanconstructioninc.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421780/; classtype:trojan-activity;sid:81284880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421779)"; flow:established,from_client; content:"GET"; http_method; content:"/y4m93nloo7_wzznkvuyoqtlqaz0njgjgmmk3qtmran168sbeuex-hyvdxek5rozanaptwpspjfsehklwu_mywddgobrjceiaspno57p1-qni9o-hcaeisp1b-qxzlggdewu6xrooelkpqbtclnnl3slts9y9wyh-ymvzzpo2xa476_omd1kxpgqj1qz-u7tzynycwhb_pka4kroo_23lhbvkq/tt%20copy.zdownload|7c|26|7c|psid=1"; http_uri; depth:254; isdataat:!1,relative; content:"p6lstq.am.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421779/; classtype:trojan-activity;sid:81284879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421778)"; flow:established,from_client; content:"GET"; http_method; content:"/dutchphotozone/ludz/"; http_uri; depth:21; isdataat:!1,relative; content:"witje.be"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421778/; classtype:trojan-activity;sid:81284878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421777)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"177.141.39.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421777/; classtype:trojan-activity;sid:81284877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421775)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/order%20po101%20c71.zip"; http_uri; depth:34; isdataat:!1,relative; content:"dbsktoporder.yolasite.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421775/; classtype:trojan-activity;sid:81284875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421774)"; flow:established,from_client; content:"GET"; http_method; content:"/v3wfh/setup/silverlight5.exe"; http_uri; depth:29; isdataat:!1,relative; content:"01.shgrasp.vip"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421774/; classtype:trojan-activity;sid:81284874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421773)"; flow:established,from_client; content:"GET"; http_method; content:"/v3wfh/setup/silverlight5.exe"; http_uri; depth:29; isdataat:!1,relative; content:"01.shgrasp.vip"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421773/; classtype:trojan-activity;sid:81284873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421772)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm"; http_uri; depth:35; isdataat:!1,relative; content:"37.49.224.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421772/; classtype:trojan-activity;sid:81284872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421771)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm7"; http_uri; depth:36; isdataat:!1,relative; content:"37.49.224.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421771/; classtype:trojan-activity;sid:81284871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421770)"; flow:established,from_client; content:"GET"; http_method; content:"/site/hdg-gux-5698/"; http_uri; depth:19; isdataat:!1,relative; content:"www.lojajosemar.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421770/; classtype:trojan-activity;sid:81284870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421769)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hmy-a6-390220/"; http_uri; depth:26; isdataat:!1,relative; content:"uniteddatabase.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421769/; classtype:trojan-activity;sid:81284869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421768)"; flow:established,from_client; content:"GET"; http_method; content:"/v3mzw/setup/%e4%bb%bb%e6%88%91%e8%a1%8c%e6%b5%8f%e8%a7%88%e5%99%a8.exe"; http_uri; depth:71; isdataat:!1,relative; content:"01.shgrasp.vip"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421768/; classtype:trojan-activity;sid:81284868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421767)"; flow:established,from_client; content:"GET"; http_method; content:"/iwkazka//"; http_uri; depth:10; isdataat:!1,relative; content:"www.rsplot.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421767/; classtype:trojan-activity;sid:81284867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421766)"; flow:established,from_client; content:"GET"; http_method; content:"/old/eobppcj/"; http_uri; depth:13; isdataat:!1,relative; content:"nuwagi.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421766/; classtype:trojan-activity;sid:81284866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421765)"; flow:established,from_client; content:"GET"; http_method; content:"/mail/srxxqv/"; http_uri; depth:13; isdataat:!1,relative; content:"ngcdfkibra.go.ke"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421765/; classtype:trojan-activity;sid:81284865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421764)"; flow:established,from_client; content:"GET"; http_method; content:"/lcradioetv/4x1x5u-21i-7655/"; http_uri; depth:28; isdataat:!1,relative; content:"hostmelodia.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421764/; classtype:trojan-activity;sid:81284864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421763)"; flow:established,from_client; content:"GET"; http_method; content:"/iantipodes/o0pa-2x8u-921938/"; http_uri; depth:29; isdataat:!1,relative; content:"herms.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421763/; classtype:trojan-activity;sid:81284863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421762)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/tp-yjf18-85615/"; http_uri; depth:24; isdataat:!1,relative; content:"commercedusud.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421762/; classtype:trojan-activity;sid:81284862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421761)"; flow:established,from_client; content:"GET"; http_method; content:"/redirectsig=f88a745272587f579e8ce173b9952c32f161eb9733ec249031b854898cd62375|7c|26|7c|url=ahr0cdovl2rhbmlydmlucghvdg9ncmfwahkuy29tl3dlzgrpbmcvrklmrs94ohp5nm9nni8=|7c|26|7c|platform=desktop|7c|26|7c|brand=wp/"; http_uri; depth:208; isdataat:!1,relative; content:"zasobygwp.pl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421761/; classtype:trojan-activity;sid:81284861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421760)"; flow:established,from_client; content:"GET"; http_method; content:"/img/eccgtgg/xnrrl340046272572dvmdyu8twrre46czm6vz/|7c|3b|7c|/"; http_uri; depth:62; isdataat:!1,relative; content:"flamesofrichmond.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421760/; classtype:trojan-activity;sid:81284860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421759)"; flow:established,from_client; content:"GET"; http_method; content:"/shoock/file/"; http_uri; depth:13; isdataat:!1,relative; content:"viportal.co"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421759/; classtype:trojan-activity;sid:81284859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421758)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/inc/toqn40xxa/3dymlsk3665192952125550346k0hx52auspx56deh/"; http_uri; depth:66; isdataat:!1,relative; content:"vasinfo.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421758/; classtype:trojan-activity;sid:81284858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421757)"; flow:established,from_client; content:"GET"; http_method; content:"/system/reporting/8g1986539134vsifajldytp3h/"; http_uri; depth:44; isdataat:!1,relative; content:"teploservis.info"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421757/; classtype:trojan-activity;sid:81284857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421756)"; flow:established,from_client; content:"GET"; http_method; content:"/css/scan/9lutb0me/"; http_uri; depth:19; isdataat:!1,relative; content:"slanacom.si"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421756/; classtype:trojan-activity;sid:81284856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421755)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/inc/90z6a8mhmv/"; http_uri; depth:24; isdataat:!1,relative; content:"renkegitim.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421755/; classtype:trojan-activity;sid:81284855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421754)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/swift/"; http_uri; depth:10; isdataat:!1,relative; content:"mifaingenieros.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421754/; classtype:trojan-activity;sid:81284854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421753)"; flow:established,from_client; content:"GET"; http_method; content:"/mail/etrac/547jbn/"; http_uri; depth:19; isdataat:!1,relative; content:"lokeshullamkecskemet.hu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421753/; classtype:trojan-activity;sid:81284853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421752)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/52ud3r55h/"; http_uri; depth:20; isdataat:!1,relative; content:"kecsfila.hu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421752/; classtype:trojan-activity;sid:81284852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421751)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/s4crxbe969823987hzdz4bhkpgv06900r/"; http_uri; depth:55; isdataat:!1,relative; content:"graduasi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421751/; classtype:trojan-activity;sid:81284851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421750)"; flow:established,from_client; content:"GET"; http_method; content:"/logo/doc/ql0n5fu/e9pn1647457604mlskhssck1sju/"; http_uri; depth:46; isdataat:!1,relative; content:"fiberdyneqatar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421750/; classtype:trojan-activity;sid:81284850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421749)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/inc/tfcetku53/"; http_uri; depth:21; isdataat:!1,relative; content:"cittadivita.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421749/; classtype:trojan-activity;sid:81284849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421748)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/docs/a709cdyuc/"; http_uri; depth:28; isdataat:!1,relative; content:"cagev.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421748/; classtype:trojan-activity;sid:81284848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421747)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/rrxjpr/c22y0877995jcg2cdny5/"; http_uri; depth:44; isdataat:!1,relative; content:"bloomncare.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421747/; classtype:trojan-activity;sid:81284847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421746)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/favf513476009051607a7eqbocb0pg0w97/"; http_uri; depth:49; isdataat:!1,relative; content:"asrijeweler.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421746/; classtype:trojan-activity;sid:81284846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421745)"; flow:established,from_client; content:"GET"; http_method; content:"/style/h4lxhwm2zw_2etruvvhpo_1x2syzqyo_833oddln0w/special_warehouse/lykofahv7_z39si264aovxk/"; http_uri; depth:92; isdataat:!1,relative; content:"gjoweb.it"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421745/; classtype:trojan-activity;sid:81284845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421744)"; flow:established,from_client; content:"GET"; http_method; content:"/cc/c9zt997bbm35_kelmu_resource/interior_forum/rrz3wlvnf_78w8x0/"; http_uri; depth:64; isdataat:!1,relative; content:"casadorothea.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421744/; classtype:trojan-activity;sid:81284844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421743)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/multifunctional-zone/corporate-area/33739768-ngh9enok/"; http_uri; depth:71; isdataat:!1,relative; content:"bruset.no"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421743/; classtype:trojan-activity;sid:81284843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421742)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/private-b1pxu-bpyyzm3/lwm1o260shb-cdsu5t590era-ryik9kt-pd9l2ciooplieb/192817551-nzxgc6/"; http_uri; depth:96; isdataat:!1,relative; content:"bloodcreative.co.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421742/; classtype:trojan-activity;sid:81284842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421741)"; flow:established,from_client; content:"GET"; http_method; content:"/website.irenicinternational.in/fftf/"; http_uri; depth:37; isdataat:!1,relative; content:"irenicinternational.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421741/; classtype:trojan-activity;sid:81284841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421740)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qpds-5ub-25676/"; http_uri; depth:24; isdataat:!1,relative; content:"mcomlhr.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421740/; classtype:trojan-activity;sid:81284840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421739)"; flow:established,from_client; content:"GET"; http_method; content:"/site/hdg-gux-5698/"; http_uri; depth:19; isdataat:!1,relative; content:"lojajosemar.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421739/; classtype:trojan-activity;sid:81284839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421738)"; flow:established,from_client; content:"GET"; http_method; content:"/images/tmr21x-p55m-916118/"; http_uri; depth:27; isdataat:!1,relative; content:"grecoson.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421738/; classtype:trojan-activity;sid:81284838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421737)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/1arj7yzuc64148024/"; http_uri; depth:25; isdataat:!1,relative; content:"defiteqazerbaycan.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421737/; classtype:trojan-activity;sid:81284837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421736)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/egnicna/"; http_uri; depth:16; isdataat:!1,relative; content:"etawala.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421736/; classtype:trojan-activity;sid:81284836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421735)"; flow:established,from_client; content:"GET"; http_method; content:"/oqfaglcs/"; http_uri; depth:10; isdataat:!1,relative; content:"www.faulidi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421735/; classtype:trojan-activity;sid:81284835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421734)"; flow:established,from_client; content:"GET"; http_method; content:"/hospital/lowxvel44660441/"; http_uri; depth:26; isdataat:!1,relative; content:"cimsjr.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421734/; classtype:trojan-activity;sid:81284834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421733)"; flow:established,from_client; content:"GET"; http_method; content:"/asset/4z8qjblu71664/"; http_uri; depth:21; isdataat:!1,relative; content:"denizyahci.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421733/; classtype:trojan-activity;sid:81284833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421732)"; flow:established,from_client; content:"GET"; http_method; content:"/7.exe"; http_uri; depth:6; isdataat:!1,relative; content:"www.fileshare.fitestixi.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421732/; classtype:trojan-activity;sid:81284832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421731)"; flow:established,from_client; content:"GET"; http_method; content:"/7.exe"; http_uri; depth:6; isdataat:!1,relative; content:"fileshare.fitestixi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421731/; classtype:trojan-activity;sid:81284831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421730)"; flow:established,from_client; content:"GET"; http_method; content:"/dutchphotozone/ludz/"; http_uri; depth:21; isdataat:!1,relative; content:"witje.be"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421730/; classtype:trojan-activity;sid:81284830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421729)"; flow:established,from_client; content:"GET"; http_method; content:"/workfiles/1.exe"; http_uri; depth:16; isdataat:!1,relative; content:"fitestixi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421729/; classtype:trojan-activity;sid:81284829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421728)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sta/"; http_uri; depth:17; isdataat:!1,relative; content:"terichmir.com.pk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421728/; classtype:trojan-activity;sid:81284828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"140.240.92.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421727/; classtype:trojan-activity;sid:81284827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.25.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421726/; classtype:trojan-activity;sid:81284826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"139.170.175.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421725/; classtype:trojan-activity;sid:81284825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.52.120.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421724/; classtype:trojan-activity;sid:81284824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"94.43.10.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421723/; classtype:trojan-activity;sid:81284823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.110.171.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421722/; classtype:trojan-activity;sid:81284822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/421721/; classtype:trojan-activity;sid:81284821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421720)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"66.11.125.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421720/; classtype:trojan-activity;sid:81284820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421719)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ncj02fs-iwts6-070/"; http_uri; depth:26; isdataat:!1,relative; content:"mcsgroup.co"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421719/; classtype:trojan-activity;sid:81284819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421718)"; flow:established,from_client; content:"GET"; http_method; content:"/down.phpcf|7c|26|7c|i=my59dhhv|7c|26|7c|n=2562.xls"; http_uri; depth:51; isdataat:!1,relative; content:"fv2-2.failiem.lv"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421718/; classtype:trojan-activity;sid:81284818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421717)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"104.131.63.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421717/; classtype:trojan-activity;sid:81284817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421716)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"104.131.63.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421716/; classtype:trojan-activity;sid:81284816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421715)"; flow:established,from_client; content:"GET"; http_method; content:"/open-call/j4x9_rezdf_4/"; http_uri; depth:24; isdataat:!1,relative; content:"cgemtalent.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421715/; classtype:trojan-activity;sid:81284815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421714)"; flow:established,from_client; content:"GET"; http_method; content:"/site/ja_xek8_7k/"; http_uri; depth:17; isdataat:!1,relative; content:"atelierbrasilia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421714/; classtype:trojan-activity;sid:81284814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421713)"; flow:established,from_client; content:"GET"; http_method; content:"/ermelo/sk0vy_nln3_j8thtzh3ia/"; http_uri; depth:30; isdataat:!1,relative; content:"ative.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421713/; classtype:trojan-activity;sid:81284813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421712)"; flow:established,from_client; content:"GET"; http_method; content:"/site2/br_o_0f7t/"; http_uri; depth:17; isdataat:!1,relative; content:"www.spiidgas.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421712/; classtype:trojan-activity;sid:81284812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421711)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/kif_srz5e_dxo7rqa5k/"; http_uri; depth:29; isdataat:!1,relative; content:"www.cistilniservis-t530.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421711/; classtype:trojan-activity;sid:81284811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"115.79.4.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421710/; classtype:trojan-activity;sid:81284810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421709)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-keys.php"; http_uri; depth:12; isdataat:!1,relative; content:"wordpress-181852-1257106.cloudwaysapps.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421709/; classtype:trojan-activity;sid:81284809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421708)"; flow:established,from_client; content:"GET"; http_method; content:"/staging/7muem-163-8821/"; http_uri; depth:24; isdataat:!1,relative; content:"www.gorestruly.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421708/; classtype:trojan-activity;sid:81284808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421707)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/obagmm/"; http_uri; depth:19; isdataat:!1,relative; content:"slservicebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421707/; classtype:trojan-activity;sid:81284807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421706)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vmaels/"; http_uri; depth:17; isdataat:!1,relative; content:"kewcorp.ca"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421706/; classtype:trojan-activity;sid:81284806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421705)"; flow:established,from_client; content:"GET"; http_method; content:"/-/private_array/additional_2033180068_bnyecms6j/6t687qk0c484rm_21s14x17v58/"; http_uri; depth:76; isdataat:!1,relative; content:"briffe.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421705/; classtype:trojan-activity;sid:81284805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421704)"; flow:established,from_client; content:"GET"; http_method; content:"/uplifting/closed_2mhojk97t_zx1pelecg/test_iun0ooag5_hhpjdxrb9/ykvzqyouej_ig950auyk324///"; http_uri; depth:89; isdataat:!1,relative; content:"monom.si"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421704/; classtype:trojan-activity;sid:81284804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421703)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/c8w2-zoxen-545560/"; http_uri; depth:30; isdataat:!1,relative; content:"www.topsmartmobile.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421703/; classtype:trojan-activity;sid:81284803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421702)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/dk/"; http_uri; depth:12; isdataat:!1,relative; content:"wwpayday.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421702/; classtype:trojan-activity;sid:81284802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421701)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kh9-nhd-95338/"; http_uri; depth:24; isdataat:!1,relative; content:"www.agacenter.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421701/; classtype:trojan-activity;sid:81284801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421700)"; flow:established,from_client; content:"GET"; http_method; content:"/components/uclc11dn-ol-126718/"; http_uri; depth:31; isdataat:!1,relative; content:"perfectprint.gr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421700/; classtype:trojan-activity;sid:81284800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421699)"; flow:established,from_client; content:"GET"; http_method; content:"/ls/clickupn=3ohpzrh-2farvk4fujv0yaqv-2fewek3msjzueubid7ytydawnch7-2be1pkssepbe-2bprfq2ke_rdiswbltrhozcfvwkqdvzhrnicgjhownocedn5oj-2fb-2bt1tkf7fujq0yirgnwilqcdthia-2fqekohprxt-2frv5e9ogwtpyxz0-2bvwgswaiqlo0qe6q1zzk7gyqgxsc2qzzybho2r3tqsvi42q805-2bo9acnxfmskaanqpszwadx6tcch7l1sqhxqea4kfld5zkv-2b3inut0xcbrpq2kdbhv7hkperl3tgkx0onbwsf4wkzp3m-3d/"; http_uri; depth:343; isdataat:!1,relative; content:"u14633768.ct.sendgrid.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421699/; classtype:trojan-activity;sid:81284799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421698)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/2444566464631-5cku4xivhr01m-sector/external-profile/jufa2nawalc0-xz548ws9y93/"; http_uri; depth:86; isdataat:!1,relative; content:"orohass.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421698/; classtype:trojan-activity;sid:81284798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"88.29.99.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421697/; classtype:trojan-activity;sid:81284797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421696)"; flow:established,from_client; content:"GET"; http_method; content:"/css/c7hg-plc-556216/"; http_uri; depth:21; isdataat:!1,relative; content:"meettheharrells.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421696/; classtype:trojan-activity;sid:81284796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421695)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ygnzrf/"; http_uri; depth:16; isdataat:!1,relative; content:"www.wak.co.ke"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421695/; classtype:trojan-activity;sid:81284795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421694)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"180.176.34.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421694/; classtype:trojan-activity;sid:81284794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421693)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/u7j4k8pt-w7o-293/"; http_uri; depth:30; isdataat:!1,relative; content:"bmfestas.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421693/; classtype:trojan-activity;sid:81284793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421692)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/srj3rxy/"; http_uri; depth:17; isdataat:!1,relative; content:"shadarabia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421692/; classtype:trojan-activity;sid:81284792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421691)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/invoice/"; http_uri; depth:17; isdataat:!1,relative; content:"www.bendys.com.au"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421691/; classtype:trojan-activity;sid:81284791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421690)"; flow:established,from_client; content:"GET"; http_method; content:"/033535250-hn6immwywxeq6cn9-disk/verified-space/lmhmjfvlbwto-z9ldn853md7b/"; http_uri; depth:74; isdataat:!1,relative; content:"grandautosalon.pl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421690/; classtype:trojan-activity;sid:81284790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421689)"; flow:established,from_client; content:"GET"; http_method; content:"/browse/"; http_uri; depth:8; isdataat:!1,relative; content:"sheilasteinfeld.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421689/; classtype:trojan-activity;sid:81284789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421688)"; flow:established,from_client; content:"GET"; http_method; content:"/nova/balance/9v68wheh//"; http_uri; depth:24; isdataat:!1,relative; content:"smartlogo.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421688/; classtype:trojan-activity;sid:81284788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421687)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/"; http_uri; depth:22; isdataat:!1,relative; content:"niaayuningimandari.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421687/; classtype:trojan-activity;sid:81284787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421686)"; flow:established,from_client; content:"GET"; http_method; content:"/lm/pa1b3du7h/"; http_uri; depth:14; isdataat:!1,relative; content:"smmboster.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421686/; classtype:trojan-activity;sid:81284786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421685)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/9100092/"; http_uri; depth:17; isdataat:!1,relative; content:"logisafe.com.mx"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421685/; classtype:trojan-activity;sid:81284785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421684)"; flow:established,from_client; content:"GET"; http_method; content:"/css/report/mbaxq6z535/"; http_uri; depth:23; isdataat:!1,relative; content:"henseldesign.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421684/; classtype:trojan-activity;sid:81284784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421683)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/641103991036/6zq71964877680747aj2viz2qlcgikqz2/"; http_uri; depth:60; isdataat:!1,relative; content:"wedif.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421683/; classtype:trojan-activity;sid:81284783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421682)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/d8teb_n0v0h_dm0uyok/"; http_uri; depth:30; isdataat:!1,relative; content:"www.oxahaus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421682/; classtype:trojan-activity;sid:81284782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421681)"; flow:established,from_client; content:"GET"; http_method; content:"/img/hvglv_hay_35sacodg/"; http_uri; depth:24; isdataat:!1,relative; content:"www.najcosmetics.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421681/; classtype:trojan-activity;sid:81284781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421680)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/12x_jaaq_o3/"; http_uri; depth:22; isdataat:!1,relative; content:"www.dunnriteplumbing.ca"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421680/; classtype:trojan-activity;sid:81284780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421679)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/k_fhsvc_wni2zxzrc/"; http_uri; depth:28; isdataat:!1,relative; content:"scoenuganda.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421679/; classtype:trojan-activity;sid:81284779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421678)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/3y_m0cbe_lpgoj7z/"; http_uri; depth:26; isdataat:!1,relative; content:"www.librero.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421678/; classtype:trojan-activity;sid:81284778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421677)"; flow:established,from_client; content:"GET"; http_method; content:"/www/multifunctional_9iockb49o0_80xmr2i2/test_warehouse/4113079484_v6mizi4xbl/"; http_uri; depth:78; isdataat:!1,relative; content:"bosisio.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421677/; classtype:trojan-activity;sid:81284777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421676)"; flow:established,from_client; content:"GET"; http_method; content:"/vqgen/iwc7s2i/"; http_uri; depth:15; isdataat:!1,relative; content:"sokouganda.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421676/; classtype:trojan-activity;sid:81284776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421675)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/u7lh-oe-265/"; http_uri; depth:22; isdataat:!1,relative; content:"campanus.cz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421675/; classtype:trojan-activity;sid:81284775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421674)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lm/lj8j48b423493010mtoucq0ewi5p8/"; http_uri; depth:42; isdataat:!1,relative; content:"www.muebleslostroncos.cl"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421674/; classtype:trojan-activity;sid:81284774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421673)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"213.60.249.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421673/; classtype:trojan-activity;sid:81284773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421672)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/j5b2dg5-bcviq-67696/"; http_uri; depth:33; isdataat:!1,relative; content:"carinebelzon.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421672/; classtype:trojan-activity;sid:81284772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421671)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/private-qvmcidg-5wbynxnp6vou/test-m0d8qa-ud5gq/ahl6wkor-npisjcfnloel32/"; http_uri; depth:80; isdataat:!1,relative; content:"revistajanelavip.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421671/; classtype:trojan-activity;sid:81284771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421670)"; flow:established,from_client; content:"GET"; http_method; content:"/swf/reporting/"; http_uri; depth:15; isdataat:!1,relative; content:"binaghetta.it"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421670/; classtype:trojan-activity;sid:81284770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421669)"; flow:established,from_client; content:"GET"; http_method; content:"/hidden/etrac/a53sbr/"; http_uri; depth:21; isdataat:!1,relative; content:"mcgrafica.it"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421669/; classtype:trojan-activity;sid:81284769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421668)"; flow:established,from_client; content:"GET"; http_method; content:"/disputecaseb563096067.csv"; http_uri; depth:26; isdataat:!1,relative; content:"www.fileshare.fitestixi.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421668/; classtype:trojan-activity;sid:81284768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.47.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421667/; classtype:trojan-activity;sid:81284767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421666/; classtype:trojan-activity;sid:81284766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"77.43.231.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421665/; classtype:trojan-activity;sid:81284765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.45.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421664/; classtype:trojan-activity;sid:81284764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421663/; classtype:trojan-activity;sid:81284763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.179.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421662/; classtype:trojan-activity;sid:81284762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421661/; classtype:trojan-activity;sid:81284761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.179.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421660/; classtype:trojan-activity;sid:81284760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.209.99.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421659/; classtype:trojan-activity;sid:81284759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.71.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421658/; classtype:trojan-activity;sid:81284758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.52.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421657/; classtype:trojan-activity;sid:81284757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.188.82.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421656/; classtype:trojan-activity;sid:81284756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421655)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/closed_disk/verifiable_cloud/zieuauznkg74_afdldkmku2h/"; http_uri; depth:66; isdataat:!1,relative; content:"vaap.us"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421655/; classtype:trojan-activity;sid:81284755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421654)"; flow:established,from_client; content:"GET"; http_method; content:"/nbproject/lm/"; http_uri; depth:14; isdataat:!1,relative; content:"exprimidor.cl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421654/; classtype:trojan-activity;sid:81284754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421653)"; flow:established,from_client; content:"GET"; http_method; content:"/new/open_array/security_trnypl_63cg28ifkyp/01wtdx4_5tw1/"; http_uri; depth:57; isdataat:!1,relative; content:"chunkagency.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421653/; classtype:trojan-activity;sid:81284753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421652)"; flow:established,from_client; content:"GET"; http_method; content:"/css/zgqvti-o8ihp-797640/"; http_uri; depth:25; isdataat:!1,relative; content:"valleyinsurancepro.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421652/; classtype:trojan-activity;sid:81284752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421651)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.142.118.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421651/; classtype:trojan-activity;sid:81284751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421650)"; flow:established,from_client; content:"GET"; http_method; content:"/erros/90vuv55-glioy-6317/"; http_uri; depth:26; isdataat:!1,relative; content:"ipirangaonline.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421650/; classtype:trojan-activity;sid:81284750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421649)"; flow:established,from_client; content:"GET"; http_method; content:"/js/y5jt1v9-2971-13/"; http_uri; depth:20; isdataat:!1,relative; content:"houseci.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421649/; classtype:trojan-activity;sid:81284749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421648)"; flow:established,from_client; content:"GET"; http_method; content:"/shell/j5-saawm-22120/"; http_uri; depth:22; isdataat:!1,relative; content:"ruateresaonline.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421648/; classtype:trojan-activity;sid:81284748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421647)"; flow:established,from_client; content:"GET"; http_method; content:"/images/85127080508-2u4nmxdkz-array/test-wsgpid-gqr4ygwl234/u9f3-7z21y7utys/"; http_uri; depth:76; isdataat:!1,relative; content:"www.ledvinaphotography.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421647/; classtype:trojan-activity;sid:81284747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421646)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cpdio/"; http_uri; depth:18; isdataat:!1,relative; content:"centeklabs.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421646/; classtype:trojan-activity;sid:81284746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421645)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.40.118.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421645/; classtype:trojan-activity;sid:81284745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421644)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/oqmpggkky/"; http_uri; depth:19; isdataat:!1,relative; content:"flgmedia.nl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421644/; classtype:trojan-activity;sid:81284744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421643)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ik5t-qh5lmal16-sector/individual-area/qk5da703y-qdslkggx9mbsm/"; http_uri; depth:72; isdataat:!1,relative; content:"lddb.org.pk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421643/; classtype:trojan-activity;sid:81284743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421642)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/symncd/"; http_uri; depth:16; isdataat:!1,relative; content:"yusufpaintings.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421642/; classtype:trojan-activity;sid:81284742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421641)"; flow:established,from_client; content:"GET"; http_method; content:"/img/hct998/"; http_uri; depth:12; isdataat:!1,relative; content:"yumiwong.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421641/; classtype:trojan-activity;sid:81284741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421640)"; flow:established,from_client; content:"GET"; http_method; content:"/connectors/0u9462/"; http_uri; depth:19; isdataat:!1,relative; content:"www.ymdc786.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421640/; classtype:trojan-activity;sid:81284740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421639)"; flow:established,from_client; content:"GET"; http_method; content:"/site/uhaa7627/"; http_uri; depth:15; isdataat:!1,relative; content:"iberfoods.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421639/; classtype:trojan-activity;sid:81284739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421638)"; flow:established,from_client; content:"GET"; http_method; content:"/upd6c443/"; http_uri; depth:10; isdataat:!1,relative; content:"iclebyte.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421638/; classtype:trojan-activity;sid:81284738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421637)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/available_lihaqixza_8dl0rucn7m6p9/individual_warehouse/805181320758_y46fojj/"; http_uri; depth:83; isdataat:!1,relative; content:"floow.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421637/; classtype:trojan-activity;sid:81284737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421636)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/open_sector/special_portal/8rnbrpi1_8yy51ws4/"; http_uri; depth:53; isdataat:!1,relative; content:"omkarcreative.co.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421636/; classtype:trojan-activity;sid:81284736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421635)"; flow:established,from_client; content:"GET"; http_method; content:"/images/v6anvl-yyp-5644/"; http_uri; depth:24; isdataat:!1,relative; content:"birosthalittc.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421635/; classtype:trojan-activity;sid:81284735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421634)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/protected-mocltto-lllxmrpzva/test-area/gmzthcd3oo-kfnknnm1aug2g0/"; http_uri; depth:74; isdataat:!1,relative; content:"www.shadarabia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421634/; classtype:trojan-activity;sid:81284734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421633)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/docs/v7cvvw9wafq/"; http_uri; depth:27; isdataat:!1,relative; content:"vidiantec.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421633/; classtype:trojan-activity;sid:81284733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421632)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/mxb2q2bj-4vi1-041/"; http_uri; depth:27; isdataat:!1,relative; content:"ezratisrael.org.il"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421632/; classtype:trojan-activity;sid:81284732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421631)"; flow:established,from_client; content:"GET"; http_method; content:"/images/public/mbr3it650632v1q6ln390dze7w/"; http_uri; depth:42; isdataat:!1,relative; content:"almgaard.nl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421631/; classtype:trojan-activity;sid:81284731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421630)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/lm/hdjsoa6j/"; http_uri; depth:21; isdataat:!1,relative; content:"atsyemek.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421630/; classtype:trojan-activity;sid:81284730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421629)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/wibb/"; http_uri; depth:14; isdataat:!1,relative; content:"ezratisrael.org.il"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421629/; classtype:trojan-activity;sid:81284729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421628)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/balance/"; http_uri; depth:17; isdataat:!1,relative; content:"arpaco.com.pk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421628/; classtype:trojan-activity;sid:81284728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421627)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/reporting/vq4aunqf/"; http_uri; depth:28; isdataat:!1,relative; content:"bremessi.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421627/; classtype:trojan-activity;sid:81284727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421626)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/multifunctional-section/corporate-warehouse/873955838570-ndrzvdgktl3zda/"; http_uri; depth:81; isdataat:!1,relative; content:"aeroasia-interior.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421626/; classtype:trojan-activity;sid:81284726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421625)"; flow:established,from_client; content:"GET"; http_method; content:"/uplifting/closed_2mhojk97t_zx1pelecg/test_iun0ooag5_hhpjdxrb9/ykvzqyouej_ig950auyk324/"; http_uri; depth:87; isdataat:!1,relative; content:"monom.si"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421625/; classtype:trojan-activity;sid:81284725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421624)"; flow:established,from_client; content:"GET"; http_method; content:"/2123773_tgmtfxhtls_section/corporate_forum/m5gu6vsb4_66t2551u0944u/"; http_uri; depth:68; isdataat:!1,relative; content:"szoboszlorhinos.hu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421624/; classtype:trojan-activity;sid:81284724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421623)"; flow:established,from_client; content:"GET"; http_method; content:"/personal_sector/test_area/4nj0jbvpzay_vaygi20pm/"; http_uri; depth:49; isdataat:!1,relative; content:"radiacaoweb.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421623/; classtype:trojan-activity;sid:81284723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/private-sector/verifiable-4h65tj-k4jeqcyssqjo/tpp-4y9vz95z1y/"; http_uri; depth:66; isdataat:!1,relative; content:"www.doubledog.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421622/; classtype:trojan-activity;sid:81284722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421621)"; flow:established,from_client; content:"GET"; http_method; content:"/jscripts/multifunctional-995252059-lb3dqxa8ip46rrf2/verifiable-area/38389030029-nwgsfapyiqnn4hbl/"; http_uri; depth:98; isdataat:!1,relative; content:"alarmnet.ph"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421621/; classtype:trojan-activity;sid:81284721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421620)"; flow:established,from_client; content:"GET"; http_method; content:"/done/page/css/bgvlnukh/"; http_uri; depth:24; isdataat:!1,relative; content:"imaspro.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421620/; classtype:trojan-activity;sid:81284720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421619)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.107.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421619/; classtype:trojan-activity;sid:81284719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421618)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.107.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421618/; classtype:trojan-activity;sid:81284718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421617)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/f0ec3r336527547211143lwnb825q4gmnb3d/"; http_uri; depth:52; isdataat:!1,relative; content:"imammaliktetouan.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421617/; classtype:trojan-activity;sid:81284717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421616)"; flow:established,from_client; content:"GET"; http_method; content:"/ar/payment/lvat7ei2tf1/"; http_uri; depth:24; isdataat:!1,relative; content:"aistidafa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421616/; classtype:trojan-activity;sid:81284716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421615)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/payment/y3fc6ub1w6/z652607lc2kxgxxjkuq5/"; http_uri; depth:48; isdataat:!1,relative; content:"c0140529.ferozo.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421615/; classtype:trojan-activity;sid:81284715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421614)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/"; http_uri; depth:17; isdataat:!1,relative; content:"frontlyeadinternationalschools.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421614/; classtype:trojan-activity;sid:81284714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421613)"; flow:established,from_client; content:"GET"; http_method; content:"/css/browse/"; http_uri; depth:12; isdataat:!1,relative; content:"mitrausahacontrucion.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421613/; classtype:trojan-activity;sid:81284713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421612)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/documentation/c2888953404626u50nzzeqecfagwml2jrlf7/"; http_uri; depth:68; isdataat:!1,relative; content:"devaux.ch"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421612/; classtype:trojan-activity;sid:81284712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421611)"; flow:established,from_client; content:"GET"; http_method; content:"/aci/document/dqg717m1/"; http_uri; depth:23; isdataat:!1,relative; content:"aci.serabd.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421611/; classtype:trojan-activity;sid:81284711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421610)"; flow:established,from_client; content:"GET"; http_method; content:"/test/llc/"; http_uri; depth:10; isdataat:!1,relative; content:"essand.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421610/; classtype:trojan-activity;sid:81284710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421609)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/f9vfq3/"; http_uri; depth:16; isdataat:!1,relative; content:"orionexpresso.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421609/; classtype:trojan-activity;sid:81284709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421608)"; flow:established,from_client; content:"GET"; http_method; content:"/install/cqblnc/"; http_uri; depth:16; isdataat:!1,relative; content:"yeumoitruong.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421608/; classtype:trojan-activity;sid:81284708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421607)"; flow:established,from_client; content:"GET"; http_method; content:"/2016/olj/"; http_uri; depth:10; isdataat:!1,relative; content:"groovability.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421607/; classtype:trojan-activity;sid:81284707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421606)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ljs/"; http_uri; depth:16; isdataat:!1,relative; content:"botamotocross.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421606/; classtype:trojan-activity;sid:81284706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421605)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/kg/"; http_uri; depth:12; isdataat:!1,relative; content:"forexshifu.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421605/; classtype:trojan-activity;sid:81284705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421604)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/overview/"; http_uri; depth:18; isdataat:!1,relative; content:"asomevenar.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421604/; classtype:trojan-activity;sid:81284704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421603)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cl/"; http_uri; depth:13; isdataat:!1,relative; content:"jamarhomecareinc.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421603/; classtype:trojan-activity;sid:81284703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421602)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/report/kfc8w7hl1x/28s9x127186939rchimo8zpwg/"; http_uri; depth:53; isdataat:!1,relative; content:"cryptosistem.hr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421602/; classtype:trojan-activity;sid:81284702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421601)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/ra45eplxwoef/"; http_uri; depth:32; isdataat:!1,relative; content:"gunesulkesi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421601/; classtype:trojan-activity;sid:81284701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421600)"; flow:established,from_client; content:"GET"; http_method; content:"/empodera/jopyaddha/"; http_uri; depth:20; isdataat:!1,relative; content:"empoderacomunicacion.pe"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421600/; classtype:trojan-activity;sid:81284700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421599)"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/balance/jt4w8wwgdoi/"; http_uri; depth:35; isdataat:!1,relative; content:"helpmegrowutah.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421599/; classtype:trojan-activity;sid:81284699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421598)"; flow:established,from_client; content:"GET"; http_method; content:"/antiguo/inc/pgmmsdyvzmth/"; http_uri; depth:26; isdataat:!1,relative; content:"inkarainbow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421598/; classtype:trojan-activity;sid:81284698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421597)"; flow:established,from_client; content:"GET"; http_method; content:"/drupal/waw5mv82-6hatb-28925/"; http_uri; depth:29; isdataat:!1,relative; content:"ewingconsulting.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421597/; classtype:trojan-activity;sid:81284697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421596)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ncj02fs-iwts6-070/"; http_uri; depth:26; isdataat:!1,relative; content:"mcsgroup.co"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421596/; classtype:trojan-activity;sid:81284696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421595)"; flow:established,from_client; content:"GET"; http_method; content:"/sitepppp/ynvxcn/"; http_uri; depth:17; isdataat:!1,relative; content:"pattyprado.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421595/; classtype:trojan-activity;sid:81284695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421594)"; flow:established,from_client; content:"GET"; http_method; content:"/iwkazka///"; http_uri; depth:11; isdataat:!1,relative; content:"www.rsplot.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421594/; classtype:trojan-activity;sid:81284694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421593)"; flow:established,from_client; content:"GET"; http_method; content:"/assinatura/lgswgttc-flpkz-93501/"; http_uri; depth:33; isdataat:!1,relative; content:"lupusalimentos.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421593/; classtype:trojan-activity;sid:81284693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421592)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/jol906643089308093945scz916spmbqbmrpzx/"; http_uri; depth:60; isdataat:!1,relative; content:"kanchpurcity.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421592/; classtype:trojan-activity;sid:81284692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421591)"; flow:established,from_client; content:"GET"; http_method; content:"/images/fhq7h7babdbe5q5052/"; http_uri; depth:27; isdataat:!1,relative; content:"hafder.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421591/; classtype:trojan-activity;sid:81284691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421590)"; flow:established,from_client; content:"GET"; http_method; content:"/wuutjlo/"; http_uri; depth:9; isdataat:!1,relative; content:"guariz.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421590/; classtype:trojan-activity;sid:81284690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421589)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/hudy17240/"; http_uri; depth:23; isdataat:!1,relative; content:"gregemerson.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421589/; classtype:trojan-activity;sid:81284689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421588)"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/8t94mmdka13/"; http_uri; depth:19; isdataat:!1,relative; content:"groovyboove.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421588/; classtype:trojan-activity;sid:81284688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421587)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/xiw/"; http_uri; depth:12; isdataat:!1,relative; content:"www.hatchdogs.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421587/; classtype:trojan-activity;sid:81284687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421586)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/esp/"; http_uri; depth:13; isdataat:!1,relative; content:"lakallehn.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421586/; classtype:trojan-activity;sid:81284686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421585)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/hofovm/"; http_uri; depth:14; isdataat:!1,relative; content:"onourstyle.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421585/; classtype:trojan-activity;sid:81284685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421584)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lm/e5sp18662767484wwnkh6ngcm8qyrpsh/"; http_uri; depth:45; isdataat:!1,relative; content:"laminingraphics.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421584/; classtype:trojan-activity;sid:81284684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421583)"; flow:established,from_client; content:"GET"; http_method; content:"/jhn/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"securitymsofficesystemsharingcloudfilein.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421583/; classtype:trojan-activity;sid:81284683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421582)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/lxh9ld06a/"; http_uri; depth:27; isdataat:!1,relative; content:"likonifreighters.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421582/; classtype:trojan-activity;sid:81284682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421581)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/thmtposz-xj-9958/"; http_uri; depth:29; isdataat:!1,relative; content:"overonedjs.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421581/; classtype:trojan-activity;sid:81284681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421580)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/8pv9212236803yuuakn6sx/"; http_uri; depth:36; isdataat:!1,relative; content:"limpio.ba"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421580/; classtype:trojan-activity;sid:81284680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421579)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.12.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421579/; classtype:trojan-activity;sid:81284679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421578)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"142.93.12.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421578/; classtype:trojan-activity;sid:81284678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421577)"; flow:established,from_client; content:"GET"; http_method; content:"/murcia/0u71bhbbaow3/jtx972797138066170giyvj9hkzynty6ugplkb/"; http_uri; depth:60; isdataat:!1,relative; content:"nasim.hostlin.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421577/; classtype:trojan-activity;sid:81284677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421576)"; flow:established,from_client; content:"GET"; http_method; content:"/css/wk/"; http_uri; depth:8; isdataat:!1,relative; content:"poskorea.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421576/; classtype:trojan-activity;sid:81284676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421575)"; flow:established,from_client; content:"GET"; http_method; content:"/bo/vbc.exe"; http_uri; depth:11; isdataat:!1,relative; content:"securitymsofficesystemsharingcloudfilein.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421575/; classtype:trojan-activity;sid:81284675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421574/; classtype:trojan-activity;sid:81284674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.27.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421573/; classtype:trojan-activity;sid:81284673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.73.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421572/; classtype:trojan-activity;sid:81284672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.36.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421571/; classtype:trojan-activity;sid:81284671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421570/; classtype:trojan-activity;sid:81284670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.4.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421569/; classtype:trojan-activity;sid:81284669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.11.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421568/; classtype:trojan-activity;sid:81284668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/doc/7llw7pqb/"; http_uri; depth:18; isdataat:!1,relative; content:"mewolters.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421567/; classtype:trojan-activity;sid:81284667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421566)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/reporting/8c66726022781d99o53mku4ah9y/"; http_uri; depth:50; isdataat:!1,relative; content:"paco.co.th"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421566/; classtype:trojan-activity;sid:81284666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421565)"; flow:established,from_client; content:"GET"; http_method; content:"/shortcodes/ug/"; http_uri; depth:15; isdataat:!1,relative; content:"renergyholdings.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421565/; classtype:trojan-activity;sid:81284665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421564)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/statement/"; http_uri; depth:15; isdataat:!1,relative; content:"originalone.ma"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421564/; classtype:trojan-activity;sid:81284664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421563)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/va7833496035804878vsakgm998p19t/"; http_uri; depth:41; isdataat:!1,relative; content:"kaleembrothers.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421563/; classtype:trojan-activity;sid:81284663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421562)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"211.34.252.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421562/; classtype:trojan-activity;sid:81284662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421561)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/awto7y-hn-1775/"; http_uri; depth:27; isdataat:!1,relative; content:"sehahealth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421561/; classtype:trojan-activity;sid:81284661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421560)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/reporting/"; http_uri; depth:23; isdataat:!1,relative; content:"parvamusic.ir"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421560/; classtype:trojan-activity;sid:81284660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421559)"; flow:established,from_client; content:"GET"; http_method; content:"/936868149/lnd-arm7"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421559/; classtype:trojan-activity;sid:81284659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421558)"; flow:established,from_client; content:"GET"; http_method; content:"/936868149/lnd-arm"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421558/; classtype:trojan-activity;sid:81284658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421557)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inc/fsyrb08lxg/"; http_uri; depth:28; isdataat:!1,relative; content:"pastaciyiz.biz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421557/; classtype:trojan-activity;sid:81284657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421556)"; flow:established,from_client; content:"GET"; http_method; content:"/softee/24eo46-cbfh-9709/"; http_uri; depth:25; isdataat:!1,relative; content:"shivakunwar.com.np"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421556/; classtype:trojan-activity;sid:81284656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421555)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/personal-sector/verified-profile/tu3y55aa4s-y2kbmm77/"; http_uri; depth:63; isdataat:!1,relative; content:"sathobby.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421555/; classtype:trojan-activity;sid:81284655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421554)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/public/"; http_uri; depth:14; isdataat:!1,relative; content:"sagnosys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421554/; classtype:trojan-activity;sid:81284654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421553)"; flow:established,from_client; content:"GET"; http_method; content:"/organic_pigments/wmkjgjfgr/"; http_uri; depth:28; isdataat:!1,relative; content:"standardcolours.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421553/; classtype:trojan-activity;sid:81284653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421552)"; flow:established,from_client; content:"GET"; http_method; content:"/sai/oct/"; http_uri; depth:9; isdataat:!1,relative; content:"saimission.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421552/; classtype:trojan-activity;sid:81284652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421551)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/zkyvns/"; http_uri; depth:18; isdataat:!1,relative; content:"toutdoor.com.my"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421551/; classtype:trojan-activity;sid:81284651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421550)"; flow:established,from_client; content:"GET"; http_method; content:"/personal_disk/documentation/djez7cmhe/j032083030854758b6yd44fw/"; http_uri; depth:64; isdataat:!1,relative; content:"servicebras.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421550/; classtype:trojan-activity;sid:81284650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421549)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/s5972015qtqs92zfih69/"; http_uri; depth:36; isdataat:!1,relative; content:"sggogreenbags.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421549/; classtype:trojan-activity;sid:81284649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421548)"; flow:established,from_client; content:"GET"; http_method; content:"/stqmpb/browse/y3iw41875607992rgglscreh5er2uw56qvr/"; http_uri; depth:51; isdataat:!1,relative; content:"speakerrepairs.co.za"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421548/; classtype:trojan-activity;sid:81284648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421547)"; flow:established,from_client; content:"GET"; http_method; content:"/nova/balance/9v68wheh/"; http_uri; depth:23; isdataat:!1,relative; content:"smartlogo.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421547/; classtype:trojan-activity;sid:81284647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421546)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"67.83.49.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421546/; classtype:trojan-activity;sid:81284646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421545)"; flow:established,from_client; content:"GET"; http_method; content:"/views/lm/6jmqrm8pqm/"; http_uri; depth:21; isdataat:!1,relative; content:"subforsanta.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421545/; classtype:trojan-activity;sid:81284645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421544)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/attachments/"; http_uri; depth:21; isdataat:!1,relative; content:"toprakmedia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421544/; classtype:trojan-activity;sid:81284644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421543)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/6qi9u071df/"; http_uri; depth:24; isdataat:!1,relative; content:"tfosgroup.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421543/; classtype:trojan-activity;sid:81284643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421542)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/multifunctional-section/corporate-warehouse/873955838570-ndrzvdgktl3zda/"; http_uri; depth:81; isdataat:!1,relative; content:"www.aeroasia-interior.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421542/; classtype:trojan-activity;sid:81284642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421541)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ljs/"; http_uri; depth:16; isdataat:!1,relative; content:"www.botamotocross.site"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421541/; classtype:trojan-activity;sid:81284641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421540)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/pwtnwqtqr/opx22615643nfkdjdzpt2d2w9a43/"; http_uri; depth:55; isdataat:!1,relative; content:"tyronescleancredit.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421540/; classtype:trojan-activity;sid:81284640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421539)"; flow:established,from_client; content:"GET"; http_method; content:"/aci/document/dqg717m1/"; http_uri; depth:23; isdataat:!1,relative; content:"www.aci.serabd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421539/; classtype:trojan-activity;sid:81284639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421538)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/tp-yjf18-85615/"; http_uri; depth:24; isdataat:!1,relative; content:"www.commercedusud.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421538/; classtype:trojan-activity;sid:81284638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421537)"; flow:established,from_client; content:"GET"; http_method; content:"/ar/payment/lvat7ei2tf1/"; http_uri; depth:24; isdataat:!1,relative; content:"www.aistidafa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421537/; classtype:trojan-activity;sid:81284637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421536)"; flow:established,from_client; content:"GET"; http_method; content:"/1080/inc/"; http_uri; depth:10; isdataat:!1,relative; content:"backroom.co.nz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421536/; classtype:trojan-activity;sid:81284636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421535)"; flow:established,from_client; content:"GET"; http_method; content:"/website.irenicinternational.in/fftf/"; http_uri; depth:37; isdataat:!1,relative; content:"www.irenicinternational.in"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421535/; classtype:trojan-activity;sid:81284635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421534)"; flow:established,from_client; content:"GET"; http_method; content:"/forms/1092492180151127/qauamgmilj98/rf3023731744520h5cq5zgzh9/"; http_uri; depth:63; isdataat:!1,relative; content:"waxtoncctv.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421534/; classtype:trojan-activity;sid:81284634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421533)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/docs/a709cdyuc/"; http_uri; depth:28; isdataat:!1,relative; content:"www.cagev.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421533/; classtype:trojan-activity;sid:81284633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421532)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vmaels/"; http_uri; depth:17; isdataat:!1,relative; content:"www.kewcorp.ca"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421532/; classtype:trojan-activity;sid:81284632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421531)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/swift/"; http_uri; depth:10; isdataat:!1,relative; content:"www.mifaingenieros.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421531/; classtype:trojan-activity;sid:81284631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421530)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/inc/tfcetku53/"; http_uri; depth:21; isdataat:!1,relative; content:"www.cittadivita.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421530/; classtype:trojan-activity;sid:81284630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421529)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/statement/"; http_uri; depth:19; isdataat:!1,relative; content:"www.clinicavitalefsa.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421529/; classtype:trojan-activity;sid:81284629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421528)"; flow:established,from_client; content:"GET"; http_method; content:"/tests/ezcku7-q1tjw-0018/"; http_uri; depth:25; isdataat:!1,relative; content:"www.dii.com.pk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421528/; classtype:trojan-activity;sid:81284628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421527)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/9100092/"; http_uri; depth:17; isdataat:!1,relative; content:"www.logisafe.com.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421527/; classtype:trojan-activity;sid:81284627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421526)"; flow:established,from_client; content:"GET"; http_method; content:"/mail/etrac/547jbn/"; http_uri; depth:19; isdataat:!1,relative; content:"www.lokeshullamkecskemet.hu"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421526/; classtype:trojan-activity;sid:81284626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"41.32.202.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421525/; classtype:trojan-activity;sid:81284625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421524)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/espz/"; http_uri; depth:18; isdataat:!1,relative; content:"www.jawara.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421524/; classtype:trojan-activity;sid:81284624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421523)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/documentation/c2888953404626u50nzzeqecfagwml2jrlf7/"; http_uri; depth:68; isdataat:!1,relative; content:"www.devaux.ch"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421523/; classtype:trojan-activity;sid:81284623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421522)"; flow:established,from_client; content:"GET"; http_method; content:"/demoobj/doc/1hofoks807em/0gg6fnw1346989803726jxslnrux3/"; http_uri; depth:56; isdataat:!1,relative; content:"www.cpmred.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421522/; classtype:trojan-activity;sid:81284622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421521)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/kg/"; http_uri; depth:12; isdataat:!1,relative; content:"www.forexshifu.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421521/; classtype:trojan-activity;sid:81284621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421520)"; flow:established,from_client; content:"GET"; http_method; content:"/v_2018./qb9f9cijl/"; http_uri; depth:19; isdataat:!1,relative; content:"labonni.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421520/; classtype:trojan-activity;sid:81284620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421519)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wzn6iv-ry-81561/"; http_uri; depth:28; isdataat:!1,relative; content:"www.fuertecaja.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421519/; classtype:trojan-activity;sid:81284619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421518)"; flow:established,from_client; content:"GET"; http_method; content:"/logo/doc/ql0n5fu/e9pn1647457604mlskhssck1sju/"; http_uri; depth:46; isdataat:!1,relative; content:"www.fiberdyneqatar.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421518/; classtype:trojan-activity;sid:81284618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421517)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/report/"; http_uri; depth:16; isdataat:!1,relative; content:"www.fanda.co.ke"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421517/; classtype:trojan-activity;sid:81284617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421516)"; flow:established,from_client; content:"GET"; http_method; content:"/images/tmr21x-p55m-916118/"; http_uri; depth:27; isdataat:!1,relative; content:"www.grecoson.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421516/; classtype:trojan-activity;sid:81284616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421515)"; flow:established,from_client; content:"GET"; http_method; content:"/test/llc/"; http_uri; depth:10; isdataat:!1,relative; content:"www.essand.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421515/; classtype:trojan-activity;sid:81284615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421514)"; flow:established,from_client; content:"GET"; http_method; content:"/site/hdg-gux-5698/"; http_uri; depth:19; isdataat:!1,relative; content:"www.lojajosemar.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421514/; classtype:trojan-activity;sid:81284614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421513)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/overview/9rxax6/"; http_uri; depth:25; isdataat:!1,relative; content:"www.findio.co.ke"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421513/; classtype:trojan-activity;sid:81284613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421512)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/rrxjpr/c22y0877995jcg2cdny5/"; http_uri; depth:44; isdataat:!1,relative; content:"www.bloomncare.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421512/; classtype:trojan-activity;sid:81284612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421511)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/favf513476009051607a7eqbocb0pg0w97/"; http_uri; depth:49; isdataat:!1,relative; content:"www.asrijeweler.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421511/; classtype:trojan-activity;sid:81284611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421510)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/"; http_uri; depth:17; isdataat:!1,relative; content:"www.frontlyeadinternationalschools.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421510/; classtype:trojan-activity;sid:81284610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421509)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5qzzev5g"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421509/; classtype:trojan-activity;sid:81284609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421508)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qpds-5ub-25676/"; http_uri; depth:24; isdataat:!1,relative; content:"www.mcomlhr.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421508/; classtype:trojan-activity;sid:81284608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421507)"; flow:established,from_client; content:"GET"; http_method; content:"/clients/6whg9_9ww91_ev4kr/"; http_uri; depth:27; isdataat:!1,relative; content:"greatfxmedia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421507/; classtype:trojan-activity;sid:81284607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421506)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/z3a_r_rm70xlsb3/"; http_uri; depth:28; isdataat:!1,relative; content:"guyn3.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421506/; classtype:trojan-activity;sid:81284606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421505)"; flow:established,from_client; content:"GET"; http_method; content:"/web/o9kb_qb_na7usf6/"; http_uri; depth:21; isdataat:!1,relative; content:"www.tarjetasas.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421505/; classtype:trojan-activity;sid:81284605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421504)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pl0_sux_k2b4cgyr/"; http_uri; depth:30; isdataat:!1,relative; content:"www.sourcetechno.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421504/; classtype:trojan-activity;sid:81284604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421503)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/o5kn_2i_4qtj9wg/"; http_uri; depth:29; isdataat:!1,relative; content:"haek.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421503/; classtype:trojan-activity;sid:81284603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421502)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/parts_service/3rm0c33l3/w36044098077zvc9m7uvkeq7q5gbv90b/"; http_uri; depth:68; isdataat:!1,relative; content:"www.geoav.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421502/; classtype:trojan-activity;sid:81284602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421501)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/overview/s4crxbe969823987hzdz4bhkpgv06900r/"; http_uri; depth:55; isdataat:!1,relative; content:"www.graduasi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421501/; classtype:trojan-activity;sid:81284601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.228.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421500/; classtype:trojan-activity;sid:81284600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.171.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421499/; classtype:trojan-activity;sid:81284599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421498/; classtype:trojan-activity;sid:81284598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"5.152.0.241"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421497/; classtype:trojan-activity;sid:81284597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421496/; classtype:trojan-activity;sid:81284596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.155.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421495/; classtype:trojan-activity;sid:81284595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421494/; classtype:trojan-activity;sid:81284594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.199.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421493/; classtype:trojan-activity;sid:81284593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.46.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421492/; classtype:trojan-activity;sid:81284592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.86.213.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421491/; classtype:trojan-activity;sid:81284591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.222.195.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421490/; classtype:trojan-activity;sid:81284590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.123.169.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421489/; classtype:trojan-activity;sid:81284589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.124.184.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421488/; classtype:trojan-activity;sid:81284588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.234.46.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421487/; classtype:trojan-activity;sid:81284587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421486)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.177.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421486/; classtype:trojan-activity;sid:81284586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421485)"; flow:established,from_client; content:"GET"; http_method; content:"/yoyobins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"128.199.177.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421485/; classtype:trojan-activity;sid:81284585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421484)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ncj02fs-iwts6-070/"; http_uri; depth:26; isdataat:!1,relative; content:"www.mcsgroup.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421484/; classtype:trojan-activity;sid:81284584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421483)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"135.26.149.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421483/; classtype:trojan-activity;sid:81284583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421482)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/inc/toqn40xxa/3dymlsk3665192952125550346k0hx52auspx56deh/"; http_uri; depth:66; isdataat:!1,relative; content:"www.vasinfo.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421482/; classtype:trojan-activity;sid:81284582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421481)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/f0ec3r336527547211143lwnb825q4gmnb3d/"; http_uri; depth:52; isdataat:!1,relative; content:"www.imammaliktetouan.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421481/; classtype:trojan-activity;sid:81284581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421480)"; flow:established,from_client; content:"GET"; http_method; content:"/prueba/grq9g61/"; http_uri; depth:16; isdataat:!1,relative; content:"gsiquick.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421480/; classtype:trojan-activity;sid:81284580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421479)"; flow:established,from_client; content:"GET"; http_method; content:"/rideforhd/8q/"; http_uri; depth:14; isdataat:!1,relative; content:"misenar.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421479/; classtype:trojan-activity;sid:81284579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421478)"; flow:established,from_client; content:"GET"; http_method; content:"/banner_tm/iui2890/"; http_uri; depth:19; isdataat:!1,relative; content:"guarany.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421478/; classtype:trojan-activity;sid:81284578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421477)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/kneik06090/"; http_uri; depth:17; isdataat:!1,relative; content:"gregladen.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421477/; classtype:trojan-activity;sid:81284577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421476)"; flow:established,from_client; content:"GET"; http_method; content:"/kani/e6jqeyw/"; http_uri; depth:14; isdataat:!1,relative; content:"guppon.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421476/; classtype:trojan-activity;sid:81284576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421475)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/52ud3r55h/"; http_uri; depth:20; isdataat:!1,relative; content:"www.kecsfila.hu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421475/; classtype:trojan-activity;sid:81284575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421474)"; flow:established,from_client; content:"GET"; http_method; content:"/pi/my29hucxmsvxr58.exe"; http_uri; depth:23; isdataat:!1,relative; content:"biz9holdings.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421474/; classtype:trojan-activity;sid:81284574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421473)"; flow:established,from_client; content:"GET"; http_method; content:"/mail/srxxqv/"; http_uri; depth:13; isdataat:!1,relative; content:"www.ngcdfkibra.go.ke"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421473/; classtype:trojan-activity;sid:81284573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421472)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/swift/"; http_uri; depth:10; isdataat:!1,relative; content:"www.mifaingenieros.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421472/; classtype:trojan-activity;sid:81284572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421471)"; flow:established,from_client; content:"GET"; http_method; content:"/css/browse/"; http_uri; depth:12; isdataat:!1,relative; content:"www.mitrausahacontrucion.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421471/; classtype:trojan-activity;sid:81284571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421470)"; flow:established,from_client; content:"GET"; http_method; content:"/iwkazka/"; http_uri; depth:9; isdataat:!1,relative; content:"www.rsplot.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421470/; classtype:trojan-activity;sid:81284570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421469)"; flow:established,from_client; content:"GET"; http_method; content:"/nidavelier/sites/kmwkxwnvpi3/4y0vcs20577928188282a5328gvvooig41u/"; http_uri; depth:66; isdataat:!1,relative; content:"www.mjhl.com.mx"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421469/; classtype:trojan-activity;sid:81284569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421468)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; content:"wellcraftint.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421468/; classtype:trojan-activity;sid:81284568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421467)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/f9vfq3/"; http_uri; depth:16; isdataat:!1,relative; content:"www.orionexpresso.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421467/; classtype:trojan-activity;sid:81284567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421466)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/obagmm/"; http_uri; depth:19; isdataat:!1,relative; content:"www.slservicebd.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421466/; classtype:trojan-activity;sid:81284566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421465)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/inc/90z6a8mhmv/"; http_uri; depth:24; isdataat:!1,relative; content:"www.renkegitim.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421465/; classtype:trojan-activity;sid:81284565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421464)"; flow:established,from_client; content:"GET"; http_method; content:"/js/file/r6f4g5co4m/"; http_uri; depth:20; isdataat:!1,relative; content:"www.scmasabacus.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421464/; classtype:trojan-activity;sid:81284564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421463)"; flow:established,from_client; content:"GET"; http_method; content:"/pezzya/"; http_uri; depth:8; isdataat:!1,relative; content:"www.whenua.cl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421463/; classtype:trojan-activity;sid:81284563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421462)"; flow:established,from_client; content:"GET"; http_method; content:"/css/scan/9lutb0me/"; http_uri; depth:19; isdataat:!1,relative; content:"www.slanacom.si"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421462/; classtype:trojan-activity;sid:81284562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421461)"; flow:established,from_client; content:"GET"; http_method; content:"/cut_r_37ul9/payment/i9k97o/"; http_uri; depth:28; isdataat:!1,relative; content:"gtdesign.ch"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421461/; classtype:trojan-activity;sid:81284561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421460)"; flow:established,from_client; content:"GET"; http_method; content:"/install/cqblnc/"; http_uri; depth:16; isdataat:!1,relative; content:"www.yeumoitruong.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421460/; classtype:trojan-activity;sid:81284560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421459)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/overview/"; http_uri; depth:22; isdataat:!1,relative; content:"www.niaayuningimandari.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421459/; classtype:trojan-activity;sid:81284559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421458)"; flow:established,from_client; content:"GET"; http_method; content:"/lm/pa1b3du7h/"; http_uri; depth:14; isdataat:!1,relative; content:"www.smmboster.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421458/; classtype:trojan-activity;sid:81284558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421457)"; flow:established,from_client; content:"GET"; http_method; content:"/2016/olj/"; http_uri; depth:10; isdataat:!1,relative; content:"www.groovability.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421457/; classtype:trojan-activity;sid:81284557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421456)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/llc/"; http_uri; depth:16; isdataat:!1,relative; content:"www.palestina.gob.ec"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421456/; classtype:trojan-activity;sid:81284556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421455)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/i0zrp8-g44d-2191/"; http_uri; depth:26; isdataat:!1,relative; content:"beenakker.eu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421455/; classtype:trojan-activity;sid:81284555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421454)"; flow:established,from_client; content:"GET"; http_method; content:"/shoock/file/"; http_uri; depth:13; isdataat:!1,relative; content:"www.viportal.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421454/; classtype:trojan-activity;sid:81284554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421453)"; flow:established,from_client; content:"GET"; http_method; content:"/spaans/report/d3608164554247882vc0flmtetcefq/"; http_uri; depth:46; isdataat:!1,relative; content:"houdevelt.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421453/; classtype:trojan-activity;sid:81284553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421452)"; flow:established,from_client; content:"GET"; http_method; content:"/elecciones2019/public/1h2dduqoy62v/"; http_uri; depth:36; isdataat:!1,relative; content:"grafikos.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421452/; classtype:trojan-activity;sid:81284552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421451)"; flow:established,from_client; content:"GET"; http_method; content:"/css/vu82k-syf-7188/"; http_uri; depth:20; isdataat:!1,relative; content:"www.hazelfranks.me.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421451/; classtype:trojan-activity;sid:81284551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421450)"; flow:established,from_client; content:"GET"; http_method; content:"/images/file/guiex92647391090439xam98iglqqhui/"; http_uri; depth:46; isdataat:!1,relative; content:"agtrade.hu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421450/; classtype:trojan-activity;sid:81284550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421449)"; flow:established,from_client; content:"GET"; http_method; content:"/img/parts_service/mqb4765620800764364dlcxfteuixyn79d9m43d/"; http_uri; depth:59; isdataat:!1,relative; content:"gvits.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421449/; classtype:trojan-activity;sid:81284549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421448)"; flow:established,from_client; content:"GET"; http_method; content:"/qvf/"; http_uri; depth:5; isdataat:!1,relative; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421448/; classtype:trojan-activity;sid:81284548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421447)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/statement/433w52/o665719766859014p4o4pa4o3dbae/"; http_uri; depth:53; isdataat:!1,relative; content:"hollam.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421447/; classtype:trojan-activity;sid:81284547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421446)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/browse/1cn9be1r/"; http_uri; depth:29; isdataat:!1,relative; content:"cybertech-it.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421446/; classtype:trojan-activity;sid:81284546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421445)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/3iz1jbwj-jnpw-844/"; http_uri; depth:28; isdataat:!1,relative; content:"hegelito.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421445/; classtype:trojan-activity;sid:81284545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421444)"; flow:established,from_client; content:"GET"; http_method; content:"/arcreative_2/swift/"; http_uri; depth:20; isdataat:!1,relative; content:"aperfectimage.pl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421444/; classtype:trojan-activity;sid:81284544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421443)"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/asf2r-7jesd-9262/"; http_uri; depth:34; isdataat:!1,relative; content:"ranking-site.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421443/; classtype:trojan-activity;sid:81284543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421442)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/mnicftr/"; http_uri; depth:20; isdataat:!1,relative; content:"www.giardinosullamaremma.it"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421442/; classtype:trojan-activity;sid:81284542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421441)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/d9pmd93694/"; http_uri; depth:23; isdataat:!1,relative; content:"spitzertech.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421441/; classtype:trojan-activity;sid:81284541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421440)"; flow:established,from_client; content:"GET"; http_method; content:"/stacymgreen/etqjdgf4343351/"; http_uri; depth:28; isdataat:!1,relative; content:"withdrake.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421440/; classtype:trojan-activity;sid:81284540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421439)"; flow:established,from_client; content:"GET"; http_method; content:"/eayo10088k/32emeaoiq7963578/"; http_uri; depth:29; isdataat:!1,relative; content:"ensource.co.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421439/; classtype:trojan-activity;sid:81284539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421438)"; flow:established,from_client; content:"GET"; http_method; content:"/old/iyv0hf8926444/"; http_uri; depth:19; isdataat:!1,relative; content:"yeichner.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421438/; classtype:trojan-activity;sid:81284538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421437)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/swift/dmlu7f9/"; http_uri; depth:23; isdataat:!1,relative; content:"hcfoods.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421437/; classtype:trojan-activity;sid:81284537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"149.3.73.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421436/; classtype:trojan-activity;sid:81284536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421435)"; flow:established,from_client; content:"GET"; http_method; content:"/iantipodes/o0pa-2x8u-921938/"; http_uri; depth:29; isdataat:!1,relative; content:"www.herms.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421435/; classtype:trojan-activity;sid:81284535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421434)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/73147137571702/0iv554548995156639kist29n80or33d3bxecr561/"; http_uri; depth:66; isdataat:!1,relative; content:"hdsr.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421434/; classtype:trojan-activity;sid:81284534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421433)"; flow:established,from_client; content:"GET"; http_method; content:"/bi/vbc.exe"; http_uri; depth:11; isdataat:!1,relative; content:"securitymsofficesystemsharingcloudfilein.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421433/; classtype:trojan-activity;sid:81284533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421432)"; flow:established,from_client; content:"GET"; http_method; content:"/9c950e/scan/oh2753083skvphuiffhodq9oz2/"; http_uri; depth:40; isdataat:!1,relative; content:"heartssetfree.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421432/; classtype:trojan-activity;sid:81284532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421431)"; flow:established,from_client; content:"GET"; http_method; content:"/_errorpages/svda/"; http_uri; depth:18; isdataat:!1,relative; content:"hesa.co.id"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421431/; classtype:trojan-activity;sid:81284531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421430)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/doc/"; http_uri; depth:13; isdataat:!1,relative; content:"henkphilipsen.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421430/; classtype:trojan-activity;sid:81284530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421429)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/attachments/uuib4bo/55681905236344037nvffkvh1/"; http_uri; depth:55; isdataat:!1,relative; content:"hercinovic.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421429/; classtype:trojan-activity;sid:81284529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421428)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/ya6j-n1-68030/"; http_uri; depth:20; isdataat:!1,relative; content:"www.hellojohnwebb.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421428/; classtype:trojan-activity;sid:81284528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421427)"; flow:established,from_client; content:"GET"; http_method; content:"/css/report/mbaxq6z535/"; http_uri; depth:23; isdataat:!1,relative; content:"www.henseldesign.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421427/; classtype:trojan-activity;sid:81284527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421426)"; flow:established,from_client; content:"GET"; http_method; content:"/68838057/"; http_uri; depth:10; isdataat:!1,relative; content:"heyfoxcomic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421426/; classtype:trojan-activity;sid:81284526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421425)"; flow:established,from_client; content:"GET"; http_method; content:"/clayupdate.com/cvnfoq/"; http_uri; depth:23; isdataat:!1,relative; content:"hoelscher1.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421425/; classtype:trojan-activity;sid:81284525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421424)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/parts_service/"; http_uri; depth:23; isdataat:!1,relative; content:"hguk.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421424/; classtype:trojan-activity;sid:81284524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421423)"; flow:established,from_client; content:"GET"; http_method; content:"/corrupt4/m0vav60t-qftb-084/"; http_uri; depth:28; isdataat:!1,relative; content:"hitisland.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421423/; classtype:trojan-activity;sid:81284523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421422)"; flow:established,from_client; content:"GET"; http_method; content:"/7107012102381-23szf9dzczyzlb-module/verifiable-lxb4xqxarsdu24p-gjvbk/421263-tnzzz/"; http_uri; depth:83; isdataat:!1,relative; content:"elementalburn.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421422/; classtype:trojan-activity;sid:81284522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421421)"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/sites/g172cd310vo/"; http_uri; depth:33; isdataat:!1,relative; content:"hirken.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421421/; classtype:trojan-activity;sid:81284521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421420)"; flow:established,from_client; content:"GET"; http_method; content:"/ispolnitelniy_list_218417004"; http_uri; depth:29; isdataat:!1,relative; content:"www.fssspdocs.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421420/; classtype:trojan-activity;sid:81284520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421419)"; flow:established,from_client; content:"GET"; http_method; content:"/inc/etrac/6bzxvjgte/ic3019773564ff4871eg3lp4p1/"; http_uri; depth:48; isdataat:!1,relative; content:"herbanarts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421419/; classtype:trojan-activity;sid:81284519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421417)"; flow:established,from_client; content:"GET"; http_method; content:"/localhost/2ti9oa/"; http_uri; depth:18; isdataat:!1,relative; content:"hofhuistechniek.nl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421417/; classtype:trojan-activity;sid:81284517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"190.98.37.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421416/; classtype:trojan-activity;sid:81284516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421415)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.sh4"; http_uri; depth:24; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421415/; classtype:trojan-activity;sid:81284515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421414)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421414/; classtype:trojan-activity;sid:81284514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421413)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm6"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421413/; classtype:trojan-activity;sid:81284513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421412)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.ppc"; http_uri; depth:24; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421412/; classtype:trojan-activity;sid:81284512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421411)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421411/; classtype:trojan-activity;sid:81284511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421410)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421410/; classtype:trojan-activity;sid:81284510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421409)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.spc"; http_uri; depth:24; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421409/; classtype:trojan-activity;sid:81284509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421408)"; flow:established,from_client; content:"GET"; http_method; content:"/richard/paclm/"; http_uri; depth:15; isdataat:!1,relative; content:"huffpuff.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421408/; classtype:trojan-activity;sid:81284508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421407)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; content:"167.71.138.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421407/; classtype:trojan-activity;sid:81284507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421406)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; content:"167.71.138.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421406/; classtype:trojan-activity;sid:81284506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421405)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421405/; classtype:trojan-activity;sid:81284505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421404)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421404/; classtype:trojan-activity;sid:81284504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421403)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421403/; classtype:trojan-activity;sid:81284503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421401)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; content:"45.95.168.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421401/; classtype:trojan-activity;sid:81284501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421400)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivos/reporting/lgq27i4980789571308984v31psm7yqvkm4qt3c/"; http_uri; depth:60; isdataat:!1,relative; content:"ibda.adv.br"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421400/; classtype:trojan-activity;sid:81284500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421399)"; flow:established,from_client; content:"GET"; http_method; content:"/audio/rnvnjev-93fn-494786/"; http_uri; depth:27; isdataat:!1,relative; content:"www.howie23.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421399/; classtype:trojan-activity;sid:81284499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421398)"; flow:established,from_client; content:"GET"; http_method; content:"/index/x.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"ec2-18-191-109-13.us-east-2.compute.amazonaws.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421398/; classtype:trojan-activity;sid:81284498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421397)"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/mode/harl.exe"; http_uri; depth:22; isdataat:!1,relative; content:"auxmalishoes.ga"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421397/; classtype:trojan-activity;sid:81284497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421396)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/"; http_uri; depth:5; isdataat:!1,relative; content:"holhaug.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421396/; classtype:trojan-activity;sid:81284496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421394)"; flow:established,from_client; content:"GET"; http_method; content:"/nfe0932958390850935.zip"; http_uri; depth:24; isdataat:!1,relative; content:"ec2-3-17-134-200.us-east-2.compute.amazonaws.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421394/; classtype:trojan-activity;sid:81284494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421393)"; flow:established,from_client; content:"GET"; http_method; content:"/image/public/1qqxmgx1ceqd/c6jf7i3034098706716050vjgwdxvaue/"; http_uri; depth:60; isdataat:!1,relative; content:"hoogveld-service.nl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421393/; classtype:trojan-activity;sid:81284493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421391)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/39cfu-gt1z-74/"; http_uri; depth:27; isdataat:!1,relative; content:"icisa.cl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421391/; classtype:trojan-activity;sid:81284491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421390)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/swift/g6o0qx1y/"; http_uri; depth:24; isdataat:!1,relative; content:"hostech.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421390/; classtype:trojan-activity;sid:81284490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.20.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421389/; classtype:trojan-activity;sid:81284489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.49.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421388/; classtype:trojan-activity;sid:81284488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421387/; classtype:trojan-activity;sid:81284487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.129.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421386/; classtype:trojan-activity;sid:81284486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421385/; classtype:trojan-activity;sid:81284485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.104.224.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421384/; classtype:trojan-activity;sid:81284484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421383/; classtype:trojan-activity;sid:81284483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421381)"; flow:established,from_client; content:"GET"; http_method; content:"/winpo/vbc.exe"; http_uri; depth:14; isdataat:!1,relative; content:"securitymsofficesystemsharingcloudfilein.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421381/; classtype:trojan-activity;sid:81284481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421379)"; flow:established,from_client; content:"GET"; http_method; content:"/winpo/invoice_25225.doc"; http_uri; depth:24; isdataat:!1,relative; content:"securitymsofficesystemsharingcloudfilein.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421379/; classtype:trojan-activity;sid:81284479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421378)"; flow:established,from_client; content:"GET"; http_method; content:"/sites/sites/2nl4laoy2hrm/"; http_uri; depth:26; isdataat:!1,relative; content:"hollowmoon.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421378/; classtype:trojan-activity;sid:81284478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421377)"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/4r166-ca5-902/"; http_uri; depth:21; isdataat:!1,relative; content:"ikasp.se"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421377/; classtype:trojan-activity;sid:81284477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421376)"; flow:established,from_client; content:"GET"; http_method; content:"/themexp/sites/"; http_uri; depth:15; isdataat:!1,relative; content:"hshub.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421376/; classtype:trojan-activity;sid:81284476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421375)"; flow:established,from_client; content:"GET"; http_method; content:"/vqmod/nvdb99/6z8y5de7/"; http_uri; depth:23; isdataat:!1,relative; content:"www.ico6.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421375/; classtype:trojan-activity;sid:81284475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421374)"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/mode/sean.exe"; http_uri; depth:22; isdataat:!1,relative; content:"auxmalishoes.ga"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421374/; classtype:trojan-activity;sid:81284474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421373)"; flow:established,from_client; content:"GET"; http_method; content:"/15395mzfkwk/5sty-khh-190133/"; http_uri; depth:29; isdataat:!1,relative; content:"ifcingenieria.cl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421373/; classtype:trojan-activity;sid:81284473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421372)"; flow:established,from_client; content:"GET"; http_method; content:"/banner/public/ikbrx3tz/"; http_uri; depth:24; isdataat:!1,relative; content:"immocop.ch"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421372/; classtype:trojan-activity;sid:81284472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/attachments/"; http_uri; depth:17; isdataat:!1,relative; content:"rhinoplas.co.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421371/; classtype:trojan-activity;sid:81284471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421370)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tiny_mce/temp/tpriv.ps1"; http_uri; depth:27; isdataat:!1,relative; content:"www.royerconseil-finances.ch"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421370/; classtype:trojan-activity;sid:81284470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421369)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tiny_mce/temp/start.ps1"; http_uri; depth:27; isdataat:!1,relative; content:"www.royerconseil-finances.ch"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421369/; classtype:trojan-activity;sid:81284469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421368)"; flow:established,from_client; content:"GET"; http_method; content:"/vianna/xoel/"; http_uri; depth:13; isdataat:!1,relative; content:"idealli.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421368/; classtype:trojan-activity;sid:81284468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421367)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/p09puc8nlsl/"; http_uri; depth:22; isdataat:!1,relative; content:"kibrit.com.tr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421367/; classtype:trojan-activity;sid:81284467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421366)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tiny_mce/temp/l.exe"; http_uri; depth:23; isdataat:!1,relative; content:"www.royerconseil-finances.ch"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421366/; classtype:trojan-activity;sid:81284466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421365)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tiny_mce/temp/potato.exe"; http_uri; depth:28; isdataat:!1,relative; content:"www.royerconseil-finances.ch"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421365/; classtype:trojan-activity;sid:81284465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421364)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tiny_mce/temp/ghost.exe"; http_uri; depth:27; isdataat:!1,relative; content:"www.royerconseil-finances.ch"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421364/; classtype:trojan-activity;sid:81284464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421363)"; flow:established,from_client; content:"GET"; http_method; content:"/js/tiny_mce/temp/r.exe"; http_uri; depth:23; isdataat:!1,relative; content:"www.royerconseil-finances.ch"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421363/; classtype:trojan-activity;sid:81284463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421362)"; flow:established,from_client; content:"GET"; http_method; content:"/a-kus/attachments/ph06yz/"; http_uri; depth:26; isdataat:!1,relative; content:"kustens.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421362/; classtype:trojan-activity;sid:81284462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421361)"; flow:established,from_client; content:"GET"; http_method; content:"/dni-ph-092/"; http_uri; depth:12; isdataat:!1,relative; content:"ikexpert.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421361/; classtype:trojan-activity;sid:81284461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/parts_service/"; http_uri; depth:19; isdataat:!1,relative; content:"www.kosses.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421360/; classtype:trojan-activity;sid:81284460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421359)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gnwl7ww5xqwm/"; http_uri; depth:25; isdataat:!1,relative; content:"imdavidlee.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421359/; classtype:trojan-activity;sid:81284459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421358)"; flow:established,from_client; content:"GET"; http_method; content:"/xq06330747110950rfqjzsz50lwr0d5djwyln/"; http_uri; depth:39; isdataat:!1,relative; content:"imaimax.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421358/; classtype:trojan-activity;sid:81284458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421357)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/rwi/"; http_uri; depth:13; isdataat:!1,relative; content:"ikbenpink.be"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421357/; classtype:trojan-activity;sid:81284457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421356)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/hucr5999590815rof242clcvbjblaz9f/"; http_uri; depth:42; isdataat:!1,relative; content:"www.madlychic.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421356/; classtype:trojan-activity;sid:81284456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421355)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/00g6kg10pyw/"; http_uri; depth:17; isdataat:!1,relative; content:"immediax.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421355/; classtype:trojan-activity;sid:81284455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/browse/evvkspfokj6/2jn441542467414881wqpu1bhcmdbktphjnz/"; http_uri; depth:68; isdataat:!1,relative; content:"pck.ostrowiec.pl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421354/; classtype:trojan-activity;sid:81284454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421353)"; flow:established,from_client; content:"GET"; http_method; content:"/me-tlv.co.il/lm/"; http_uri; depth:17; isdataat:!1,relative; content:"slideit.co.il"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421353/; classtype:trojan-activity;sid:81284453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421352)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/"; http_uri; depth:18; isdataat:!1,relative; content:"www.vizyonpr.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421352/; classtype:trojan-activity;sid:81284452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421351)"; flow:established,from_client; content:"GET"; http_method; content:"/focm/ceeold.exe"; http_uri; depth:16; isdataat:!1,relative; content:"185.172.110.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421351/; classtype:trojan-activity;sid:81284451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421350)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/inc/toqn40xxa/3dymlsk3665192952125550346k0hx52auspx56deh/"; http_uri; depth:66; isdataat:!1,relative; content:"www.vasinfo.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421350/; classtype:trojan-activity;sid:81284450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421349)"; flow:established,from_client; content:"GET"; http_method; content:"/eotps/heb_x_1ehlbx9/"; http_uri; depth:21; isdataat:!1,relative; content:"www.gunesoluk.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421349/; classtype:trojan-activity;sid:81284449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421348)"; flow:established,from_client; content:"GET"; http_method; content:"/bower_components/cvbh8_f0_84rai/"; http_uri; depth:33; isdataat:!1,relative; content:"groncrete.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421348/; classtype:trojan-activity;sid:81284448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421347)"; flow:established,from_client; content:"GET"; http_method; content:"/drinkmenu/38vq_z8al_r5cujfy90n/"; http_uri; depth:32; isdataat:!1,relative; content:"gtsouth.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421347/; classtype:trojan-activity;sid:81284447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421346)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/5h_jns_l3s6/"; http_uri; depth:22; isdataat:!1,relative; content:"www.gravelrecords.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421346/; classtype:trojan-activity;sid:81284446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421345)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/olohz_suq_munasyr/"; http_uri; depth:24; isdataat:!1,relative; content:"www.greaudstudio.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421345/; classtype:trojan-activity;sid:81284445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421344)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/overview/9p7jx45432144860352qor325j5bmd3z6p81/"; http_uri; depth:57; isdataat:!1,relative; content:"www.sfiromilos.gr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421344/; classtype:trojan-activity;sid:81284444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421343)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/641103991036/6zq71964877680747aj2viz2qlcgikqz2/"; http_uri; depth:60; isdataat:!1,relative; content:"www.wedif.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421343/; classtype:trojan-activity;sid:81284443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421342)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel/protected-110800226-zewee0nnortb/close-075452092-hy4k7sbjkvpb/cp2uekgghlo1-sbdhxik7/"; http_uri; depth:92; isdataat:!1,relative; content:"lillethun.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421342/; classtype:trojan-activity;sid:81284442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421341)"; flow:established,from_client; content:"GET"; http_method; content:"/peradice.com/private-array/zv46izhvnn-c6akeejelac-ch6h0za-zz9/g910mxo4e7jl1-569s806x8/"; http_uri; depth:87; isdataat:!1,relative; content:"goldenstatetow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421341/; classtype:trojan-activity;sid:81284441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421340)"; flow:established,from_client; content:"GET"; http_method; content:"/system/reporting/8g1986539134vsifajldytp3h/"; http_uri; depth:44; isdataat:!1,relative; content:"www.teploservis.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421340/; classtype:trojan-activity;sid:81284440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421339)"; flow:established,from_client; content:"GET"; http_method; content:"/groundingthecloud.org/nqzx12/"; http_uri; depth:30; isdataat:!1,relative; content:"duncanllc.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421339/; classtype:trojan-activity;sid:81284439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421338)"; flow:established,from_client; content:"GET"; http_method; content:"/library/wk/"; http_uri; depth:12; isdataat:!1,relative; content:"dishnchips.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421338/; classtype:trojan-activity;sid:81284438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421337)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/eodj13/"; http_uri; depth:16; isdataat:!1,relative; content:"classic-recipes.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421337/; classtype:trojan-activity;sid:81284437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421336)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/tw6ljpx/"; http_uri; depth:17; isdataat:!1,relative; content:"alaksir.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421336/; classtype:trojan-activity;sid:81284436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421335)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pm2kx374/"; http_uri; depth:21; isdataat:!1,relative; content:"www.duhallow.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421335/; classtype:trojan-activity;sid:81284435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421334)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/llc/b5x6hc7/qx56072491005zr2nl7vhavfsgnc38/"; http_uri; depth:51; isdataat:!1,relative; content:"www.softwarestore24.de"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421334/; classtype:trojan-activity;sid:81284434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421333)"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.52.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421333/; classtype:trojan-activity;sid:81284433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"111.182.238.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421332/; classtype:trojan-activity;sid:81284432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421331)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/duwrjuq4ud/"; http_uri; depth:21; isdataat:!1,relative; content:"interdentclean.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421331/; classtype:trojan-activity;sid:81284431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421330)"; flow:established,from_client; content:"GET"; http_method; content:"/files/0swfh_d7_3wqdwymn00/"; http_uri; depth:27; isdataat:!1,relative; content:"starrpromotions.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421330/; classtype:trojan-activity;sid:81284430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421329)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/d4wa_m9_8u5yii2j/"; http_uri; depth:29; isdataat:!1,relative; content:"torqueandtalk.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421329/; classtype:trojan-activity;sid:81284429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421328)"; flow:established,from_client; content:"GET"; http_method; content:"/awstats/gjec_g3g_jjblgv8wkh/"; http_uri; depth:29; isdataat:!1,relative; content:"urbaneden.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421328/; classtype:trojan-activity;sid:81284428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421327)"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/mxa61_d_ys8fqozh/"; http_uri; depth:24; isdataat:!1,relative; content:"finestones.dk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421327/; classtype:trojan-activity;sid:81284427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421326)"; flow:established,from_client; content:"GET"; http_method; content:"/o/e_hzu0_hlyygcbr9u/"; http_uri; depth:21; isdataat:!1,relative; content:"luckybit.jp"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421326/; classtype:trojan-activity;sid:81284426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421325)"; flow:established,from_client; content:"GET"; http_method; content:"/staging/7muem-163-8821/"; http_uri; depth:24; isdataat:!1,relative; content:"gorestruly.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421325/; classtype:trojan-activity;sid:81284425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421324)"; flow:established,from_client; content:"GET"; http_method; content:"/taevimncorufglbzhwxqpdkjs/meth.arm5"; http_uri; depth:36; isdataat:!1,relative; content:"snortcnc.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421324/; classtype:trojan-activity;sid:81284424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421323)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.mips"; http_uri; depth:28; isdataat:!1,relative; content:"185.172.110.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421323/; classtype:trojan-activity;sid:81284423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421322)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.mpsl"; http_uri; depth:28; isdataat:!1,relative; content:"185.172.110.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421322/; classtype:trojan-activity;sid:81284422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421321)"; flow:established,from_client; content:"GET"; http_method; content:"/bear.arm"; http_uri; depth:9; isdataat:!1,relative; content:"194.15.36.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421321/; classtype:trojan-activity;sid:81284421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421320)"; flow:established,from_client; content:"GET"; http_method; content:"/bear.x86"; http_uri; depth:9; isdataat:!1,relative; content:"194.15.36.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421320/; classtype:trojan-activity;sid:81284420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.31.3.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421319/; classtype:trojan-activity;sid:81284419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.169.199.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421318/; classtype:trojan-activity;sid:81284418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.66.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421317/; classtype:trojan-activity;sid:81284417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421316/; classtype:trojan-activity;sid:81284416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.158.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421315/; classtype:trojan-activity;sid:81284415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"72.31.40.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421314/; classtype:trojan-activity;sid:81284414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421313)"; flow:established,from_client; content:"GET"; http_method; content:"/a2.jpg"; http_uri; depth:7; isdataat:!1,relative; content:"teletaxis.pt"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421313/; classtype:trojan-activity;sid:81284413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421312)"; flow:established,from_client; content:"GET"; http_method; content:"/images/image03.jpg"; http_uri; depth:19; isdataat:!1,relative; content:"plaitt.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421312/; classtype:trojan-activity;sid:81284412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421311)"; flow:established,from_client; content:"GET"; http_method; content:"/regional/managementboard.vbs"; http_uri; depth:29; isdataat:!1,relative; content:"plaitt.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421311/; classtype:trojan-activity;sid:81284411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421310)"; flow:established,from_client; content:"GET"; http_method; content:"/atif/tito.vbs"; http_uri; depth:14; isdataat:!1,relative; content:"globalwebpay.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421310/; classtype:trojan-activity;sid:81284410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421309)"; flow:established,from_client; content:"GET"; http_method; content:"/swag/run.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"globalwebpay.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421309/; classtype:trojan-activity;sid:81284409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421308)"; flow:established,from_client; content:"GET"; http_method; content:"/protegido/oy3-806-65/"; http_uri; depth:22; isdataat:!1,relative; content:"uniaoabc.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421308/; classtype:trojan-activity;sid:81284408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421307)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/cn/163/foxmail/invoice.exe"; http_uri; depth:31; isdataat:!1,relative; content:"aaacityremovalist.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421307/; classtype:trojan-activity;sid:81284407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421306)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"195.88.208.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421306/; classtype:trojan-activity;sid:81284406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421305)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.spc"; http_uri; depth:13; isdataat:!1,relative; content:"195.88.208.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421305/; classtype:trojan-activity;sid:81284405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421304/; classtype:trojan-activity;sid:81284404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421303)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"195.88.208.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421303/; classtype:trojan-activity;sid:81284403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421302)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.mips"; http_uri; depth:14; isdataat:!1,relative; content:"195.88.208.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421302/; classtype:trojan-activity;sid:81284402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421301)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm"; http_uri; depth:13; isdataat:!1,relative; content:"195.88.208.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421301/; classtype:trojan-activity;sid:81284401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421300)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"195.88.208.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421300/; classtype:trojan-activity;sid:81284400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421299/; classtype:trojan-activity;sid:81284399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"194.87.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_29; reference:url, urlhaus.abuse.ch/url/421298/; classtype:trojan-activity;sid:81284398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (421297)"; flow:established,from_client; content:"GET"; http_method; content:"/23k/hell.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"1