################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2023-02-04 15:19:27 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.158.40"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530158/; classtype:trojan-activity;sid:83393258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.167.35"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530157/; classtype:trojan-activity;sid:83393257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.27.8.81"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530156/; classtype:trojan-activity;sid:83393256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.133.63"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530151/; classtype:trojan-activity;sid:83393251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.235.34"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530152/; classtype:trojan-activity;sid:83393252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.135.144"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530153/; classtype:trojan-activity;sid:83393253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.15.234"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530154/; classtype:trojan-activity;sid:83393254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.18.117"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530150/; classtype:trojan-activity;sid:83393250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.58.68"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530149/; classtype:trojan-activity;sid:83393249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.174.199"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530147/; classtype:trojan-activity;sid:83393247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.253.151"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530148/; classtype:trojan-activity;sid:83393248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.32.52"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530146/; classtype:trojan-activity;sid:83393246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.247.14"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530145/; classtype:trojan-activity;sid:83393245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.105"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530144/; classtype:trojan-activity;sid:83393244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.217.29"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530143/; classtype:trojan-activity;sid:83393243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.135.97.210"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530142/; classtype:trojan-activity;sid:83393242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.99"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530141/; classtype:trojan-activity;sid:83393241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.173.33"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530140/; classtype:trojan-activity;sid:83393240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.209.210.213"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530139/; classtype:trojan-activity;sid:83393239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"122.225.137.18"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530136/; classtype:trojan-activity;sid:83393236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.13.231"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530134/; classtype:trojan-activity;sid:83393234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.44.177"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530135/; classtype:trojan-activity;sid:83393235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.142.197"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530132/; classtype:trojan-activity;sid:83393232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.162.14"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530133/; classtype:trojan-activity;sid:83393233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.158.82"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530131/; classtype:trojan-activity;sid:83393231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.246.63"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530130/; classtype:trojan-activity;sid:83393230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.61.46"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530129/; classtype:trojan-activity;sid:83393229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.203.194.197"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530128/; classtype:trojan-activity;sid:83393228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.151.226.118"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530127/; classtype:trojan-activity;sid:83393227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.82.143.220"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530126/; classtype:trojan-activity;sid:83393226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.0.113"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530125/; classtype:trojan-activity;sid:83393225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.189.100"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530124/; classtype:trojan-activity;sid:83393224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.98.86"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530123/; classtype:trojan-activity;sid:83393223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.116.207.232"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530122/; classtype:trojan-activity;sid:83393222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.214.186"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530121/; classtype:trojan-activity;sid:83393221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.24.206"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530119/; classtype:trojan-activity;sid:83393219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.243.83.152"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530120/; classtype:trojan-activity;sid:83393220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.16.3"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530118/; classtype:trojan-activity;sid:83393218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.61.46"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530117/; classtype:trojan-activity;sid:83393217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.135.249.198"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530116/; classtype:trojan-activity;sid:83393216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.87.95"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530115/; classtype:trojan-activity;sid:83393215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.40.193.138"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530114/; classtype:trojan-activity;sid:83393214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.11.85"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530113/; classtype:trojan-activity;sid:83393213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.129.158"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530112/; classtype:trojan-activity;sid:83393212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.183.79"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530110/; classtype:trojan-activity;sid:83393210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.179.72"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530108/; classtype:trojan-activity;sid:83393208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.126.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530109/; classtype:trojan-activity;sid:83393209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.255.211.234"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530107/; classtype:trojan-activity;sid:83393207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.173.228"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530106/; classtype:trojan-activity;sid:83393206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.75.231.69"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530104/; classtype:trojan-activity;sid:83393204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.227.173.180"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530105/; classtype:trojan-activity;sid:83393205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.215.250.74"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530103/; classtype:trojan-activity;sid:83393203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.43.228"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530102/; classtype:trojan-activity;sid:83393202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.10.32.105"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530098/; classtype:trojan-activity;sid:83393198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.69.97"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530099/; classtype:trojan-activity;sid:83393199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.178.198"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530097/; classtype:trojan-activity;sid:83393197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.38.145"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530095/; classtype:trojan-activity;sid:83393195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.119.229"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530094/; classtype:trojan-activity;sid:83393194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.180.149.4"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530092/; classtype:trojan-activity;sid:83393192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.117.194.24"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530091/; classtype:trojan-activity;sid:83393191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.161.188"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530089/; classtype:trojan-activity;sid:83393189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.129.53"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530088/; classtype:trojan-activity;sid:83393188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.47.171.148"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530086/; classtype:trojan-activity;sid:83393186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.57.152"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530085/; classtype:trojan-activity;sid:83393185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.141.218"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530084/; classtype:trojan-activity;sid:83393184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.210.25"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530083/; classtype:trojan-activity;sid:83393183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.105"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530080/; classtype:trojan-activity;sid:83393180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.144.86"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530079/; classtype:trojan-activity;sid:83393179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.173.73"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530078/; classtype:trojan-activity;sid:83393178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.241.193.255"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530077/; classtype:trojan-activity;sid:83393177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.207.229.25"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530076/; classtype:trojan-activity;sid:83393176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.40.140"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530075/; classtype:trojan-activity;sid:83393175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.15.59.68"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530073/; classtype:trojan-activity;sid:83393173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.90.109"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530074/; classtype:trojan-activity;sid:83393174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.142.66.210"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530072/; classtype:trojan-activity;sid:83393172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.226"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530071/; classtype:trojan-activity;sid:83393171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.25.12"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530070/; classtype:trojan-activity;sid:83393170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.139.145"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530069/; classtype:trojan-activity;sid:83393169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.50.77"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530067/; classtype:trojan-activity;sid:83393167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.123.174.216"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530068/; classtype:trojan-activity;sid:83393168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.25.246"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530065/; classtype:trojan-activity;sid:83393165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.209.194"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530064/; classtype:trojan-activity;sid:83393164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.44.159"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530063/; classtype:trojan-activity;sid:83393163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.204.143.203"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530062/; classtype:trojan-activity;sid:83393162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.213.129.53"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530059/; classtype:trojan-activity;sid:83393159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.23.185"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530058/; classtype:trojan-activity;sid:83393158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.162.99"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530056/; classtype:trojan-activity;sid:83393156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.32.187"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530057/; classtype:trojan-activity;sid:83393157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.243.142"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530055/; classtype:trojan-activity;sid:83393155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.164.241"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530054/; classtype:trojan-activity;sid:83393154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.89.15"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530053/; classtype:trojan-activity;sid:83393153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.246.98"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530052/; classtype:trojan-activity;sid:83393152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.20.188"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530050/; classtype:trojan-activity;sid:83393150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.142.251.242"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530049/; classtype:trojan-activity;sid:83393149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.5.170.229"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530046/; classtype:trojan-activity;sid:83393146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.114.32"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530045/; classtype:trojan-activity;sid:83393145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.157.9"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530044/; classtype:trojan-activity;sid:83393144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.37.105"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530039/; classtype:trojan-activity;sid:83393139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.snoopy"; depth:14; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530033/; classtype:trojan-activity;sid:83393133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.snoopy"; depth:14; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530034/; classtype:trojan-activity;sid:83393134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.snoopy"; depth:15; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530035/; classtype:trojan-activity;sid:83393135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.snoopy"; depth:15; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530036/; classtype:trojan-activity;sid:83393136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.snoopy"; depth:15; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530037/; classtype:trojan-activity;sid:83393137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.snoopy"; depth:15; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530038/; classtype:trojan-activity;sid:83393138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.snoopy"; depth:15; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530029/; classtype:trojan-activity;sid:83393129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.snoopy"; depth:15; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530030/; classtype:trojan-activity;sid:83393130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.snoopy"; depth:14; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530031/; classtype:trojan-activity;sid:83393131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.snoopy"; depth:15; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530032/; classtype:trojan-activity;sid:83393132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.94.218"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530027/; classtype:trojan-activity;sid:83393127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.183.76.23"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530026/; classtype:trojan-activity;sid:83393126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.132.220"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530025/; classtype:trojan-activity;sid:83393125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.38.221.174"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530024/; classtype:trojan-activity;sid:83393124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.163.6"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530023/; classtype:trojan-activity;sid:83393123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.185.212.69"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530022/; classtype:trojan-activity;sid:83393122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.167.157"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530021/; classtype:trojan-activity;sid:83393121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.190.171"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530020/; classtype:trojan-activity;sid:83393120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.165.14"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530019/; classtype:trojan-activity;sid:83393119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.143.10"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530018/; classtype:trojan-activity;sid:83393118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.209.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530016/; classtype:trojan-activity;sid:83393116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.138.167.225"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530014/; classtype:trojan-activity;sid:83393114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.49.160"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530013/; classtype:trojan-activity;sid:83393113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.230.77.79"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530010/; classtype:trojan-activity;sid:83393110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.230.77.79"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530011/; classtype:trojan-activity;sid:83393111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.25.219"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530009/; classtype:trojan-activity;sid:83393109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snoopy.sh"; depth:10; endswith; nocase; http.host; content:"31.42.186.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530006/; classtype:trojan-activity;sid:83393106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc139074685_655515779|3f|hash=bggnh1oaxzgehwqr24hmaleehehaiz5oeuidag8ptud|7c|26|7c|dl=geztsmbxgq3dqni:1675500752:gx4mkbyw0cmv8pufuaifw9bsffbsfi8uzztwfbmgcpx|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:195; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530007/; classtype:trojan-activity;sid:83393107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.207.231.63"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530005/; classtype:trojan-activity;sid:83393105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.117.36"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530004/; classtype:trojan-activity;sid:83393104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.140.47"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530003/; classtype:trojan-activity;sid:83393103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.214.133.21"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530002/; classtype:trojan-activity;sid:83393102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.119.235"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530001/; classtype:trojan-activity;sid:83393101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.172.59"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2530000/; classtype:trojan-activity;sid:83393100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.149.116"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529996/; classtype:trojan-activity;sid:83393096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.0.81"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529995/; classtype:trojan-activity;sid:83393095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.154.238"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529994/; classtype:trojan-activity;sid:83393094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.82.185"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529993/; classtype:trojan-activity;sid:83393093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.13.72"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529992/; classtype:trojan-activity;sid:83393092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.55.220"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529990/; classtype:trojan-activity;sid:83393090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.168.115"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529991/; classtype:trojan-activity;sid:83393091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.154.238"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529988/; classtype:trojan-activity;sid:83393088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.240.19"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529984/; classtype:trojan-activity;sid:83393084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.243.126"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529983/; classtype:trojan-activity;sid:83393083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.66.33"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529982/; classtype:trojan-activity;sid:83393082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.198.253"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529980/; classtype:trojan-activity;sid:83393080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.2.51"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529979/; classtype:trojan-activity;sid:83393079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"2.196.167.236"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529978/; classtype:trojan-activity;sid:83393078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.87.59.171"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529975/; classtype:trojan-activity;sid:83393075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.232.191"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529976/; classtype:trojan-activity;sid:83393076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.51.192.102"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529974/; classtype:trojan-activity;sid:83393074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.88.79"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529973/; classtype:trojan-activity;sid:83393073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.97.117"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529971/; classtype:trojan-activity;sid:83393071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"192.141.33.128"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529969/; classtype:trojan-activity;sid:83393069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.210.79.39"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529967/; classtype:trojan-activity;sid:83393067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.193.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529965/; classtype:trojan-activity;sid:83393065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.236.215"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529964/; classtype:trojan-activity;sid:83393064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.91.214"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529962/; classtype:trojan-activity;sid:83393062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"192.141.33.128"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529958/; classtype:trojan-activity;sid:83393058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529957/; classtype:trojan-activity;sid:83393057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.143.39.31"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529956/; classtype:trojan-activity;sid:83393056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.212.246"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529955/; classtype:trojan-activity;sid:83393055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"2.143.39.31"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529950/; classtype:trojan-activity;sid:83393050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"45.9.74.88"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529947/; classtype:trojan-activity;sid:83393047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.82.161.112"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529943/; classtype:trojan-activity;sid:83393043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"160.202.49.151"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529942/; classtype:trojan-activity;sid:83393042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.161.175"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529941/; classtype:trojan-activity;sid:83393041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.160.226"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529939/; classtype:trojan-activity;sid:83393039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.165.197"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529940/; classtype:trojan-activity;sid:83393040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.20.91"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529938/; classtype:trojan-activity;sid:83393038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.241.187.209"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529936/; classtype:trojan-activity;sid:83393036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.123.157"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529935/; classtype:trojan-activity;sid:83393035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.0.11"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529931/; classtype:trojan-activity;sid:83393031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.165.81"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529932/; classtype:trojan-activity;sid:83393032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.18.249"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529930/; classtype:trojan-activity;sid:83393030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.95.227.177"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529929/; classtype:trojan-activity;sid:83393029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.232.177.73"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529927/; classtype:trojan-activity;sid:83393027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.11.252"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529925/; classtype:trojan-activity;sid:83393025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.148.117"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529924/; classtype:trojan-activity;sid:83393024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.173.40"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529921/; classtype:trojan-activity;sid:83393021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.101.223"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529920/; classtype:trojan-activity;sid:83393020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.123.157"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529918/; classtype:trojan-activity;sid:83393018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.214.216.252"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529916/; classtype:trojan-activity;sid:83393016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.187.209"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529917/; classtype:trojan-activity;sid:83393017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.115.238"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529912/; classtype:trojan-activity;sid:83393012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.84.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529913/; classtype:trojan-activity;sid:83393013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.190.208"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529911/; classtype:trojan-activity;sid:83393011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.59.216.79"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529910/; classtype:trojan-activity;sid:83393010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.246.210"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529901/; classtype:trojan-activity;sid:83393001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.171.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529900/; classtype:trojan-activity;sid:83393000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"1.246.222.237"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529896/; classtype:trojan-activity;sid:83392996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.158.122"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529894/; classtype:trojan-activity;sid:83392994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.185.44.109"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529893/; classtype:trojan-activity;sid:83392993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.181.58"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529884/; classtype:trojan-activity;sid:83392984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.255.13.72"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529883/; classtype:trojan-activity;sid:83392983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.238.54.212"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529882/; classtype:trojan-activity;sid:83392982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.12.185.197"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529881/; classtype:trojan-activity;sid:83392981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.158.122"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529880/; classtype:trojan-activity;sid:83392980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.130.12"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529879/; classtype:trojan-activity;sid:83392979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.181.58"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529878/; classtype:trojan-activity;sid:83392978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.130.140"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529877/; classtype:trojan-activity;sid:83392977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.88.17"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529876/; classtype:trojan-activity;sid:83392976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.160.185"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529873/; classtype:trojan-activity;sid:83392973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.249.61"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529874/; classtype:trojan-activity;sid:83392974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.225.149"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529875/; classtype:trojan-activity;sid:83392975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.38.188"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529872/; classtype:trojan-activity;sid:83392972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.56.244"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529871/; classtype:trojan-activity;sid:83392971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.188.201.113"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529868/; classtype:trojan-activity;sid:83392968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.186.136.111"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529865/; classtype:trojan-activity;sid:83392965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.247.26"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529864/; classtype:trojan-activity;sid:83392964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.118.163"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529862/; classtype:trojan-activity;sid:83392962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc139074685_655480742|3f|hash=7zxvfyyqysywbs7lphx77tbk4ke6gejcswjachnlvap|7c|26|7c|dl=geztsmbxgq3dqni:1675436769:l3oiazt4yeyyzovtslxqckmszuglzdl9fjbvzi503ah|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:195; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529861/; classtype:trojan-activity;sid:83392961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.192.183"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529857/; classtype:trojan-activity;sid:83392957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ubjo.zip"; depth:9; endswith; nocase; http.host; content:"courire.org"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529852/; classtype:trojan-activity;sid:83392952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgbdimp.dat"; depth:12; endswith; nocase; http.host; content:"courire.org"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529853/; classtype:trojan-activity;sid:83392953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyrlnickh58765421.exe"; depth:22; endswith; nocase; http.host; content:"studio3d.med.ec"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529851/; classtype:trojan-activity;sid:83392951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oulalaa/test3.exe"; depth:18; endswith; nocase; http.host; content:"n8w5.c12.e2-1.dev"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529848/; classtype:trojan-activity;sid:83392948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is/zhiga.exe"; depth:13; endswith; nocase; http.host; content:"62.204.41.248"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529849/; classtype:trojan-activity;sid:83392949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li/flow.exe"; depth:12; endswith; nocase; http.host; content:"62.204.41.248"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529850/; classtype:trojan-activity;sid:83392950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.130.140"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529844/; classtype:trojan-activity;sid:83392944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.125.113.141"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529841/; classtype:trojan-activity;sid:83392941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.67.61"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529843/; classtype:trojan-activity;sid:83392943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.34.152"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529839/; classtype:trojan-activity;sid:83392939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.18.249"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529838/; classtype:trojan-activity;sid:83392938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stilak32.rar"; depth:13; endswith; nocase; http.host; content:"176.113.115.177"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529835/; classtype:trojan-activity;sid:83392935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stilak64.rar"; depth:13; endswith; nocase; http.host; content:"176.113.115.177"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529836/; classtype:trojan-activity;sid:83392936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.29.65"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529832/; classtype:trojan-activity;sid:83392932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.21.48"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529831/; classtype:trojan-activity;sid:83392931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.193.93"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529829/; classtype:trojan-activity;sid:83392929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.122.90"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529830/; classtype:trojan-activity;sid:83392930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.100.250"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529828/; classtype:trojan-activity;sid:83392928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.72.178"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529825/; classtype:trojan-activity;sid:83392925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.214.125"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529824/; classtype:trojan-activity;sid:83392924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.86.185"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529823/; classtype:trojan-activity;sid:83392923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.12.138"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529821/; classtype:trojan-activity;sid:83392921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.34.152"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529819/; classtype:trojan-activity;sid:83392919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.244.220"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529818/; classtype:trojan-activity;sid:83392918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.219.22"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529817/; classtype:trojan-activity;sid:83392917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bu58ngs/plugins/clip64.dll"; depth:27; endswith; nocase; http.host; content:"62.204.41.5"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529815/; classtype:trojan-activity;sid:83392915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gol478ns/plugins/clip64.dll"; depth:28; endswith; nocase; http.host; content:"62.204.41.4"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529816/; classtype:trojan-activity;sid:83392916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.236.73"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529811/; classtype:trojan-activity;sid:83392911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.229.161"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529809/; classtype:trojan-activity;sid:83392909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.59.53.129"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529807/; classtype:trojan-activity;sid:83392907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.105.101"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529804/; classtype:trojan-activity;sid:83392904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.95.221.70"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529802/; classtype:trojan-activity;sid:83392902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.243.185"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529801/; classtype:trojan-activity;sid:83392901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.59"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529800/; classtype:trojan-activity;sid:83392900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.211.35"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529798/; classtype:trojan-activity;sid:83392898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.238.38"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529794/; classtype:trojan-activity;sid:83392894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.196.167.236"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529793/; classtype:trojan-activity;sid:83392893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.175.41"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529791/; classtype:trojan-activity;sid:83392891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.141.96"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529792/; classtype:trojan-activity;sid:83392892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.217.38"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529789/; classtype:trojan-activity;sid:83392889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.174.95"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529790/; classtype:trojan-activity;sid:83392890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.116.45.122"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529788/; classtype:trojan-activity;sid:83392888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.31.97"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529784/; classtype:trojan-activity;sid:83392884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.115.166"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529783/; classtype:trojan-activity;sid:83392883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.115.2"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529781/; classtype:trojan-activity;sid:83392881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.59"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529779/; classtype:trojan-activity;sid:83392879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.123"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529778/; classtype:trojan-activity;sid:83392878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.62.243"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529777/; classtype:trojan-activity;sid:83392877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.87.56.131"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529776/; classtype:trojan-activity;sid:83392876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.12.253.12"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529775/; classtype:trojan-activity;sid:83392875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95ckd0t6qfga.exe"; depth:17; endswith; nocase; http.host; content:"109.172.45.94"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529774/; classtype:trojan-activity;sid:83392874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.159.123"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529770/; classtype:trojan-activity;sid:83392870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.65.70.45"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529769/; classtype:trojan-activity;sid:83392869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.64.122"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529768/; classtype:trojan-activity;sid:83392868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.23.27"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529765/; classtype:trojan-activity;sid:83392865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.5.92"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529764/; classtype:trojan-activity;sid:83392864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.135.212"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529763/; classtype:trojan-activity;sid:83392863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"105.154.57.146"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529760/; classtype:trojan-activity;sid:83392860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.48.242.186"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529759/; classtype:trojan-activity;sid:83392859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.21.90"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529758/; classtype:trojan-activity;sid:83392858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.107.71"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529754/; classtype:trojan-activity;sid:83392854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.75.184"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529752/; classtype:trojan-activity;sid:83392852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.84.105"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529753/; classtype:trojan-activity;sid:83392853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.189.229"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529749/; classtype:trojan-activity;sid:83392849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.86.81"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529747/; classtype:trojan-activity;sid:83392847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.64.122"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529746/; classtype:trojan-activity;sid:83392846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76/vbc.exe"; depth:11; endswith; nocase; http.host; content:"38.153.157.57"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529745/; classtype:trojan-activity;sid:83392845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/meta4.exe"; depth:15; endswith; nocase; http.host; content:"62.204.41.88"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529743/; classtype:trojan-activity;sid:83392843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/redline100.exe"; depth:20; endswith; nocase; http.host; content:"62.204.41.88"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529744/; classtype:trojan-activity;sid:83392844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.150.49.23"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529739/; classtype:trojan-activity;sid:83392839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.82.212"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529738/; classtype:trojan-activity;sid:83392838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.86.81"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529733/; classtype:trojan-activity;sid:83392833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ippinstaller.exe"; depth:17; endswith; nocase; http.host; content:"104.234.118.34"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529732/; classtype:trojan-activity;sid:83392832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.210.70"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529730/; classtype:trojan-activity;sid:83392830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.22.46"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529729/; classtype:trojan-activity;sid:83392829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"139.190.239.106"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529727/; classtype:trojan-activity;sid:83392827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.199.147.3"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529726/; classtype:trojan-activity;sid:83392826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"157.122.107.116"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529724/; classtype:trojan-activity;sid:83392824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.185.23.99"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529725/; classtype:trojan-activity;sid:83392825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.195.85.96"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529722/; classtype:trojan-activity;sid:83392822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.202.194.214"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529719/; classtype:trojan-activity;sid:83392819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.41.230"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529717/; classtype:trojan-activity;sid:83392817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.22.46"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529714/; classtype:trojan-activity;sid:83392814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.242.80.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529713/; classtype:trojan-activity;sid:83392813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.253.10.188"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529711/; classtype:trojan-activity;sid:83392811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.25.186"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529710/; classtype:trojan-activity;sid:83392810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.215.59"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529708/; classtype:trojan-activity;sid:83392808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.39.35"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529707/; classtype:trojan-activity;sid:83392807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.21.242.58"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529706/; classtype:trojan-activity;sid:83392806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.188.146"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529705/; classtype:trojan-activity;sid:83392805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.178"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529704/; classtype:trojan-activity;sid:83392804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.228.108.252"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529703/; classtype:trojan-activity;sid:83392803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.29.65"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529701/; classtype:trojan-activity;sid:83392801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.45.58"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529699/; classtype:trojan-activity;sid:83392799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.156.171"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529696/; classtype:trojan-activity;sid:83392796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.157.105"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529694/; classtype:trojan-activity;sid:83392794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.230.104"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529692/; classtype:trojan-activity;sid:83392792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.82.178"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529691/; classtype:trojan-activity;sid:83392791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.115.160.3"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529690/; classtype:trojan-activity;sid:83392790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.181.249"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529688/; classtype:trojan-activity;sid:83392788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.124.152.213"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529689/; classtype:trojan-activity;sid:83392789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.112.243"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529687/; classtype:trojan-activity;sid:83392787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.9.43.227"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529683/; classtype:trojan-activity;sid:83392783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529682/; classtype:trojan-activity;sid:83392782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529681/; classtype:trojan-activity;sid:83392781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529675/; classtype:trojan-activity;sid:83392775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529676/; classtype:trojan-activity;sid:83392776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc"; depth:3; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529677/; classtype:trojan-activity;sid:83392777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529678/; classtype:trojan-activity;sid:83392778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dss"; depth:4; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529679/; classtype:trojan-activity;sid:83392779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529680/; classtype:trojan-activity;sid:83392780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co"; depth:3; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529672/; classtype:trojan-activity;sid:83392772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529673/; classtype:trojan-activity;sid:83392773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"45.9.148.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529674/; classtype:trojan-activity;sid:83392774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.173.89.213"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529669/; classtype:trojan-activity;sid:83392769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.142.187"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529658/; classtype:trojan-activity;sid:83392758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.5.60.228"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529659/; classtype:trojan-activity;sid:83392759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.234.108.176"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529657/; classtype:trojan-activity;sid:83392757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.16"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529653/; classtype:trojan-activity;sid:83392753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.189.76"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529652/; classtype:trojan-activity;sid:83392752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.110.192"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529650/; classtype:trojan-activity;sid:83392750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.157.105"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529649/; classtype:trojan-activity;sid:83392749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.205.5"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529648/; classtype:trojan-activity;sid:83392748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.248.8"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529645/; classtype:trojan-activity;sid:83392745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.230.104"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529642/; classtype:trojan-activity;sid:83392742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.220.148.13"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529641/; classtype:trojan-activity;sid:83392741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.170.102"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529640/; classtype:trojan-activity;sid:83392740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.190.239.93"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529639/; classtype:trojan-activity;sid:83392739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.116.132"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529634/; classtype:trojan-activity;sid:83392734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.103.48"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529632/; classtype:trojan-activity;sid:83392732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.24.82.177"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529627/; classtype:trojan-activity;sid:83392727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.248.8"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529624/; classtype:trojan-activity;sid:83392724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.5.92"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529620/; classtype:trojan-activity;sid:83392720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.57.85"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529616/; classtype:trojan-activity;sid:83392716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.33.193"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529617/; classtype:trojan-activity;sid:83392717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.83.132"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529615/; classtype:trojan-activity;sid:83392715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"163.123.142.241"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529613/; classtype:trojan-activity;sid:83392713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.86.194"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529611/; classtype:trojan-activity;sid:83392711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.160.226"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529610/; classtype:trojan-activity;sid:83392710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"139.190.239.93"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529609/; classtype:trojan-activity;sid:83392709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.37.136"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529605/; classtype:trojan-activity;sid:83392705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.168.235"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529604/; classtype:trojan-activity;sid:83392704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.205.122.85"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529603/; classtype:trojan-activity;sid:83392703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.228.73.165"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529602/; classtype:trojan-activity;sid:83392702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.93.214"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529601/; classtype:trojan-activity;sid:83392701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.203.129"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529600/; classtype:trojan-activity;sid:83392700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.120.90.239"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529599/; classtype:trojan-activity;sid:83392699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.119.229"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529598/; classtype:trojan-activity;sid:83392698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.168.225.242"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529597/; classtype:trojan-activity;sid:83392697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.89.89"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529596/; classtype:trojan-activity;sid:83392696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.123.16.61"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529595/; classtype:trojan-activity;sid:83392695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.123.0"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529594/; classtype:trojan-activity;sid:83392694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.97.66"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529592/; classtype:trojan-activity;sid:83392692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.122.208.247"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529589/; classtype:trojan-activity;sid:83392689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.213.46.232"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529587/; classtype:trojan-activity;sid:83392687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view.png"; depth:9; endswith; nocase; http.host; content:"helthbrotthersg.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529583/; classtype:trojan-activity;sid:83392683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.252.124.166"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529580/; classtype:trojan-activity;sid:83392680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.213.129.53"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529578/; classtype:trojan-activity;sid:83392678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.98.202"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529576/; classtype:trojan-activity;sid:83392676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.93.214"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529573/; classtype:trojan-activity;sid:83392673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.202.252"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529574/; classtype:trojan-activity;sid:83392674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.104.166"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529572/; classtype:trojan-activity;sid:83392672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.182.214"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529568/; classtype:trojan-activity;sid:83392668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.37.83"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529566/; classtype:trojan-activity;sid:83392666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.16.122"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529565/; classtype:trojan-activity;sid:83392665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.165.98"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529564/; classtype:trojan-activity;sid:83392664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.175.102.52"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529562/; classtype:trojan-activity;sid:83392662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.104.17"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529555/; classtype:trojan-activity;sid:83392655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.229.182.135"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529552/; classtype:trojan-activity;sid:83392652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.207.238.81"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529550/; classtype:trojan-activity;sid:83392650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.231.240.252"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529548/; classtype:trojan-activity;sid:83392648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.248"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529547/; classtype:trojan-activity;sid:83392647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.64.113"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529546/; classtype:trojan-activity;sid:83392646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.75.66.136"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529544/; classtype:trojan-activity;sid:83392644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.103.161"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529542/; classtype:trojan-activity;sid:83392642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.171.251.207"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529539/; classtype:trojan-activity;sid:83392639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.44.199"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529535/; classtype:trojan-activity;sid:83392635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.93.32.151"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529534/; classtype:trojan-activity;sid:83392634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.255.199"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529531/; classtype:trojan-activity;sid:83392631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.79.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529530/; classtype:trojan-activity;sid:83392630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.24.72"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529528/; classtype:trojan-activity;sid:83392628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.179.96"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_04; reference:url, urlhaus.abuse.ch/url/2529527/; classtype:trojan-activity;sid:83392627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.220.140"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529526/; classtype:trojan-activity;sid:83392626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.41.39.126"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529525/; classtype:trojan-activity;sid:83392625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.220"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529524/; classtype:trojan-activity;sid:83392624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.146.229"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529523/; classtype:trojan-activity;sid:83392623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.81.121"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529520/; classtype:trojan-activity;sid:83392620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.53.50.146"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529521/; classtype:trojan-activity;sid:83392621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.185.89.163"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529522/; classtype:trojan-activity;sid:83392622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ombrometerc.exe"; depth:16; endswith; nocase; http.host; content:"hrbrmacu.beget.tech"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529519/; classtype:trojan-activity;sid:83392619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.81.160"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529518/; classtype:trojan-activity;sid:83392618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.88.218.22"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529517/; classtype:trojan-activity;sid:83392617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.220.137"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529516/; classtype:trojan-activity;sid:83392616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.212.28"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529515/; classtype:trojan-activity;sid:83392615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.194.96"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529514/; classtype:trojan-activity;sid:83392614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.206.107"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529513/; classtype:trojan-activity;sid:83392613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.115.135.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529512/; classtype:trojan-activity;sid:83392612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.57.108"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529511/; classtype:trojan-activity;sid:83392611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.24.72"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529510/; classtype:trojan-activity;sid:83392610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.134.205"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529509/; classtype:trojan-activity;sid:83392609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.187.46"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529508/; classtype:trojan-activity;sid:83392608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.102.111"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529507/; classtype:trojan-activity;sid:83392607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.195.97.155"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529506/; classtype:trojan-activity;sid:83392606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.1.223"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529505/; classtype:trojan-activity;sid:83392605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.129"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529504/; classtype:trojan-activity;sid:83392604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.193.196"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529503/; classtype:trojan-activity;sid:83392603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.241.191.155"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529502/; classtype:trojan-activity;sid:83392602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.173.87.240"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529501/; classtype:trojan-activity;sid:83392601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.206.250"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529500/; classtype:trojan-activity;sid:83392600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.16.79"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529499/; classtype:trojan-activity;sid:83392599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"94.121.14.153"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529496/; classtype:trojan-activity;sid:83392596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.25.135.66"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529497/; classtype:trojan-activity;sid:83392597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.252.183.20"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529498/; classtype:trojan-activity;sid:83392598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.115.152"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529495/; classtype:trojan-activity;sid:83392595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.237.131.217"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529492/; classtype:trojan-activity;sid:83392592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.1.223"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529493/; classtype:trojan-activity;sid:83392593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.131.14"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529494/; classtype:trojan-activity;sid:83392594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.16.137"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529491/; classtype:trojan-activity;sid:83392591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.91.214"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529490/; classtype:trojan-activity;sid:83392590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.19.42"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529489/; classtype:trojan-activity;sid:83392589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.220"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529488/; classtype:trojan-activity;sid:83392588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.22.99"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529487/; classtype:trojan-activity;sid:83392587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.195.97.155"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529486/; classtype:trojan-activity;sid:83392586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.159.30"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529485/; classtype:trojan-activity;sid:83392585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.33.66"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529484/; classtype:trojan-activity;sid:83392584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.159.47.53"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529483/; classtype:trojan-activity;sid:83392583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.112.35"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529482/; classtype:trojan-activity;sid:83392582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.241.141.165"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529481/; classtype:trojan-activity;sid:83392581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.41.18.3"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529480/; classtype:trojan-activity;sid:83392580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.194.170.125"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529479/; classtype:trojan-activity;sid:83392579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.101.150"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529478/; classtype:trojan-activity;sid:83392578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"78.38.152.33"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529477/; classtype:trojan-activity;sid:83392577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.225.38"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529476/; classtype:trojan-activity;sid:83392576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.205.62"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529475/; classtype:trojan-activity;sid:83392575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.194.172"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529474/; classtype:trojan-activity;sid:83392574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.225.150"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529472/; classtype:trojan-activity;sid:83392572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.91.116"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529473/; classtype:trojan-activity;sid:83392573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.186.217"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529471/; classtype:trojan-activity;sid:83392571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.162.70"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529468/; classtype:trojan-activity;sid:83392568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.19.42"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529469/; classtype:trojan-activity;sid:83392569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.140.216.193"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529470/; classtype:trojan-activity;sid:83392570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.56.51.45"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529467/; classtype:trojan-activity;sid:83392567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.25.135.66"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529466/; classtype:trojan-activity;sid:83392566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.169.22"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529465/; classtype:trojan-activity;sid:83392565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"www.brancatosnc.it"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529464/; classtype:trojan-activity;sid:83392564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ombus.exe"; depth:10; endswith; nocase; http.host; content:"ytjyjyjyf.site"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529463/; classtype:trojan-activity;sid:83392563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.209.43"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529462/; classtype:trojan-activity;sid:83392562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529461/; classtype:trojan-activity;sid:83392561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.201.144"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529459/; classtype:trojan-activity;sid:83392559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.5.230"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529460/; classtype:trojan-activity;sid:83392560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.204.27"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529458/; classtype:trojan-activity;sid:83392558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.170.128"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529457/; classtype:trojan-activity;sid:83392557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.205.62"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529456/; classtype:trojan-activity;sid:83392556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.180.62"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529455/; classtype:trojan-activity;sid:83392555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.255.80"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529454/; classtype:trojan-activity;sid:83392554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.233.110"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529452/; classtype:trojan-activity;sid:83392552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.22.46"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529453/; classtype:trojan-activity;sid:83392553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.255.109"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529451/; classtype:trojan-activity;sid:83392551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.104.41.241"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529450/; classtype:trojan-activity;sid:83392550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.34.245"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529449/; classtype:trojan-activity;sid:83392549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.209.43"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529448/; classtype:trojan-activity;sid:83392548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.124.13.99"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529447/; classtype:trojan-activity;sid:83392547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.16.212"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529446/; classtype:trojan-activity;sid:83392546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.175.174"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529445/; classtype:trojan-activity;sid:83392545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.81.160"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529444/; classtype:trojan-activity;sid:83392544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.129.44"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529443/; classtype:trojan-activity;sid:83392543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.81.160"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529442/; classtype:trojan-activity;sid:83392542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.242.126"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529440/; classtype:trojan-activity;sid:83392540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.40.149.220"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529441/; classtype:trojan-activity;sid:83392541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.221.97"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529439/; classtype:trojan-activity;sid:83392539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.230.190.177"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529438/; classtype:trojan-activity;sid:83392538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.87.95"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529437/; classtype:trojan-activity;sid:83392537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.8.72"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529436/; classtype:trojan-activity;sid:83392536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.46.19.163"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529433/; classtype:trojan-activity;sid:83392533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.124.13.99"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529434/; classtype:trojan-activity;sid:83392534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.92.82"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529435/; classtype:trojan-activity;sid:83392535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.58.155.179"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529432/; classtype:trojan-activity;sid:83392532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.18.133"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529431/; classtype:trojan-activity;sid:83392531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.200.85"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529429/; classtype:trojan-activity;sid:83392529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.207.114"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529430/; classtype:trojan-activity;sid:83392530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.234.183.117"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529428/; classtype:trojan-activity;sid:83392528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.103.154.119"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529427/; classtype:trojan-activity;sid:83392527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.233.202.43"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529426/; classtype:trojan-activity;sid:83392526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.89.210.237"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529425/; classtype:trojan-activity;sid:83392525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.226.155.45"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529424/; classtype:trojan-activity;sid:83392524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.126.220"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529422/; classtype:trojan-activity;sid:83392522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.35.243.105"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529423/; classtype:trojan-activity;sid:83392523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.172.96"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529421/; classtype:trojan-activity;sid:83392521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.61.154.108"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529420/; classtype:trojan-activity;sid:83392520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.227.87.199"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529419/; classtype:trojan-activity;sid:83392519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.167.198"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529418/; classtype:trojan-activity;sid:83392518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.110.29"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529417/; classtype:trojan-activity;sid:83392517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.80.167"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529416/; classtype:trojan-activity;sid:83392516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.174.147"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529415/; classtype:trojan-activity;sid:83392515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.94.236"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529414/; classtype:trojan-activity;sid:83392514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.226.80"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529413/; classtype:trojan-activity;sid:83392513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"2.140.114.69"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529412/; classtype:trojan-activity;sid:83392512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.22.14"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529411/; classtype:trojan-activity;sid:83392511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.198.99.219"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529410/; classtype:trojan-activity;sid:83392510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.5.43.234"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529409/; classtype:trojan-activity;sid:83392509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.124.185.44"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529408/; classtype:trojan-activity;sid:83392508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.69.82"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529407/; classtype:trojan-activity;sid:83392507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.171.107"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529406/; classtype:trojan-activity;sid:83392506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.98.159"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529405/; classtype:trojan-activity;sid:83392505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.48.93"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529404/; classtype:trojan-activity;sid:83392504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.167.198"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529403/; classtype:trojan-activity;sid:83392503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.236.252.229"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529402/; classtype:trojan-activity;sid:83392502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.176.101.96"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529400/; classtype:trojan-activity;sid:83392500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.137.105"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529401/; classtype:trojan-activity;sid:83392501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.102.178"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529399/; classtype:trojan-activity;sid:83392499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.247.92"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529398/; classtype:trojan-activity;sid:83392498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.159.125.52"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529397/; classtype:trojan-activity;sid:83392497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d3sq3vz/r.png"; depth:14; endswith; nocase; http.host; content:"key4academy.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529396/; classtype:trojan-activity;sid:83392496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs0p74/r.png"; depth:13; endswith; nocase; http.host; content:"boosterfollow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529395/; classtype:trojan-activity;sid:83392495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.110.29"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529393/; classtype:trojan-activity;sid:83392493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.230.120"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529394/; classtype:trojan-activity;sid:83392494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"106.56.36.3"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529392/; classtype:trojan-activity;sid:83392492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.241.41"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529391/; classtype:trojan-activity;sid:83392491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.243.131"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529390/; classtype:trojan-activity;sid:83392490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.8.239"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529389/; classtype:trojan-activity;sid:83392489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.239.112.182"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529388/; classtype:trojan-activity;sid:83392488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.151.23"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529387/; classtype:trojan-activity;sid:83392487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.10.17.6"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529386/; classtype:trojan-activity;sid:83392486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.45.121.229"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529385/; classtype:trojan-activity;sid:83392485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.69.82"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529384/; classtype:trojan-activity;sid:83392484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.104.166"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529383/; classtype:trojan-activity;sid:83392483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.16.103.226"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529382/; classtype:trojan-activity;sid:83392482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.108.48"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529381/; classtype:trojan-activity;sid:83392481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.83.237"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529380/; classtype:trojan-activity;sid:83392480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.55.83.237"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529379/; classtype:trojan-activity;sid:83392479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.17.96"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529377/; classtype:trojan-activity;sid:83392477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.36.178"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529378/; classtype:trojan-activity;sid:83392478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.13.0"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529376/; classtype:trojan-activity;sid:83392476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.186.184"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529374/; classtype:trojan-activity;sid:83392474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.242.173"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529375/; classtype:trojan-activity;sid:83392475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.159.137"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529373/; classtype:trojan-activity;sid:83392473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.129.44"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529372/; classtype:trojan-activity;sid:83392472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.144.60"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529371/; classtype:trojan-activity;sid:83392471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.94.89"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529370/; classtype:trojan-activity;sid:83392470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.104.166"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529369/; classtype:trojan-activity;sid:83392469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.68.224"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529368/; classtype:trojan-activity;sid:83392468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.20.36"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529367/; classtype:trojan-activity;sid:83392467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.152.231"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529366/; classtype:trojan-activity;sid:83392466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.177.39.167"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529365/; classtype:trojan-activity;sid:83392465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.95.169.236"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529364/; classtype:trojan-activity;sid:83392464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.83.106.25"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529363/; classtype:trojan-activity;sid:83392463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.232.134"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529361/; classtype:trojan-activity;sid:83392461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.102.131.191"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529362/; classtype:trojan-activity;sid:83392462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.249.49"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529360/; classtype:trojan-activity;sid:83392460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.54.239.99"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529359/; classtype:trojan-activity;sid:83392459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.61.149"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529358/; classtype:trojan-activity;sid:83392458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.132.203.183"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529357/; classtype:trojan-activity;sid:83392457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.213.209.63"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529356/; classtype:trojan-activity;sid:83392456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.209.235"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529355/; classtype:trojan-activity;sid:83392455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.249.47"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529354/; classtype:trojan-activity;sid:83392454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.22.19"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529353/; classtype:trojan-activity;sid:83392453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.72.205.194"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529352/; classtype:trojan-activity;sid:83392452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.67.135"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529350/; classtype:trojan-activity;sid:83392450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.237.125"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529351/; classtype:trojan-activity;sid:83392451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.80.160"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529349/; classtype:trojan-activity;sid:83392449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.242.173"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529348/; classtype:trojan-activity;sid:83392448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.159.137"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529347/; classtype:trojan-activity;sid:83392447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/fh5bwzag"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529346/; classtype:trojan-activity;sid:83392446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.102.131.191"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529345/; classtype:trojan-activity;sid:83392445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"102.33.37.181"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529344/; classtype:trojan-activity;sid:83392444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.253.134"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529343/; classtype:trojan-activity;sid:83392443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.68.224"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529342/; classtype:trojan-activity;sid:83392442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.144.60"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529341/; classtype:trojan-activity;sid:83392441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.132.149"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529340/; classtype:trojan-activity;sid:83392440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/71446.dat"; depth:10; endswith; nocase; http.host; content:"49.50.84.121"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529339/; classtype:trojan-activity;sid:83392439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13333.exe"; depth:10; endswith; nocase; http.host; content:"104.234.118.34"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529337/; classtype:trojan-activity;sid:83392437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aurora.exe"; depth:11; endswith; nocase; http.host; content:"5.252.178.60"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529338/; classtype:trojan-activity;sid:83392438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discord.jar"; depth:12; endswith; nocase; http.host; content:"23.94.99.119"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529336/; classtype:trojan-activity;sid:83392436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discord.exe"; depth:12; endswith; nocase; http.host; content:"23.94.99.119"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529335/; classtype:trojan-activity;sid:83392435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.132.203.183"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529334/; classtype:trojan-activity;sid:83392434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/meta6.exe"; depth:15; endswith; nocase; http.host; content:"62.204.41.88"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529331/; classtype:trojan-activity;sid:83392431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/redline5.exe"; depth:18; endswith; nocase; http.host; content:"62.204.41.88"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529332/; classtype:trojan-activity;sid:83392432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lend/meta5.exe"; depth:15; endswith; nocase; http.host; content:"62.204.41.88"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529333/; classtype:trojan-activity;sid:83392433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.93.25.46"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529330/; classtype:trojan-activity;sid:83392430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.123.36.159"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529329/; classtype:trojan-activity;sid:83392429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.125.49.147"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529328/; classtype:trojan-activity;sid:83392428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.9.216"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529327/; classtype:trojan-activity;sid:83392427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.76.123"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529325/; classtype:trojan-activity;sid:83392425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.250.158"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529326/; classtype:trojan-activity;sid:83392426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.88.66"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529323/; classtype:trojan-activity;sid:83392423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.102.178"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529324/; classtype:trojan-activity;sid:83392424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"109.172.45.132"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529322/; classtype:trojan-activity;sid:83392422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.238.170.110"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529321/; classtype:trojan-activity;sid:83392421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.213.209.63"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529320/; classtype:trojan-activity;sid:83392420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.249.47"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529319/; classtype:trojan-activity;sid:83392419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.110.144.114"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529318/; classtype:trojan-activity;sid:83392418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.22.19"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529317/; classtype:trojan-activity;sid:83392417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.74.157"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529316/; classtype:trojan-activity;sid:83392416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.175.180"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529315/; classtype:trojan-activity;sid:83392415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.163.79.228"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529314/; classtype:trojan-activity;sid:83392414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.30.147"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529313/; classtype:trojan-activity;sid:83392413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.240.249.91"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529312/; classtype:trojan-activity;sid:83392412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.121.248"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529311/; classtype:trojan-activity;sid:83392411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.132.149"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529310/; classtype:trojan-activity;sid:83392410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.174.76"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529308/; classtype:trojan-activity;sid:83392408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.54.99.27"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529309/; classtype:trojan-activity;sid:83392409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.68.182"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529307/; classtype:trojan-activity;sid:83392407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.175.59"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529306/; classtype:trojan-activity;sid:83392406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.194.103.95"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529305/; classtype:trojan-activity;sid:83392405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.150.8"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529304/; classtype:trojan-activity;sid:83392404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.93.25.46"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529303/; classtype:trojan-activity;sid:83392403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"194.88.194.128"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529302/; classtype:trojan-activity;sid:83392402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"107.189.5.161"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529301/; classtype:trojan-activity;sid:83392401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"45.9.74.88"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529300/; classtype:trojan-activity;sid:83392400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.161.184"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529299/; classtype:trojan-activity;sid:83392399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.88.66"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529298/; classtype:trojan-activity;sid:83392398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.114.189.114"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529297/; classtype:trojan-activity;sid:83392397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.106.223.235"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529294/; classtype:trojan-activity;sid:83392394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.229.64"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529295/; classtype:trojan-activity;sid:83392395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.28.218"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529296/; classtype:trojan-activity;sid:83392396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.105.37"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529293/; classtype:trojan-activity;sid:83392393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"hajunxz.cc"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529292/; classtype:trojan-activity;sid:83392392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.69.107.27"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529291/; classtype:trojan-activity;sid:83392391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"hajunxz.cc"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529288/; classtype:trojan-activity;sid:83392388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"hajunxz.cc"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529289/; classtype:trojan-activity;sid:83392389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"hajunxz.cc"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529290/; classtype:trojan-activity;sid:83392390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"hajunxz.cc8"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529287/; classtype:trojan-activity;sid:83392387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.123.216.71"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529286/; classtype:trojan-activity;sid:83392386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529284/; classtype:trojan-activity;sid:83392384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.40.190"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529285/; classtype:trojan-activity;sid:83392385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.120.240.94"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529283/; classtype:trojan-activity;sid:83392383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529280/; classtype:trojan-activity;sid:83392380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529281/; classtype:trojan-activity;sid:83392381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529282/; classtype:trojan-activity;sid:83392382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529276/; classtype:trojan-activity;sid:83392376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529277/; classtype:trojan-activity;sid:83392377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529278/; classtype:trojan-activity;sid:83392378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529279/; classtype:trojan-activity;sid:83392379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529275/; classtype:trojan-activity;sid:83392375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529273/; classtype:trojan-activity;sid:83392373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529274/; classtype:trojan-activity;sid:83392374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.124.100.102"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529272/; classtype:trojan-activity;sid:83392372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.73.86.193"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529271/; classtype:trojan-activity;sid:83392371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.189.109"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529270/; classtype:trojan-activity;sid:83392370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.12.99"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529269/; classtype:trojan-activity;sid:83392369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.37.2"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529267/; classtype:trojan-activity;sid:83392367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.11.244.172"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529268/; classtype:trojan-activity;sid:83392368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.89.135"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529266/; classtype:trojan-activity;sid:83392366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.87.57.144"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529265/; classtype:trojan-activity;sid:83392365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.165.197"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529264/; classtype:trojan-activity;sid:83392364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.104.230"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529263/; classtype:trojan-activity;sid:83392363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.89.127.139"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529262/; classtype:trojan-activity;sid:83392362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.88.12"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529261/; classtype:trojan-activity;sid:83392361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.8.130.194"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529260/; classtype:trojan-activity;sid:83392360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.130.21.26"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529259/; classtype:trojan-activity;sid:83392359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.171.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529258/; classtype:trojan-activity;sid:83392358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bjyw"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529257/; classtype:trojan-activity;sid:83392357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.116.64"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529256/; classtype:trojan-activity;sid:83392356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.121.99"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529254/; classtype:trojan-activity;sid:83392354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.11.85"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529255/; classtype:trojan-activity;sid:83392355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.74.119"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529251/; classtype:trojan-activity;sid:83392351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.183.22"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529252/; classtype:trojan-activity;sid:83392352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.165.49.106"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529253/; classtype:trojan-activity;sid:83392353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.17.184"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529250/; classtype:trojan-activity;sid:83392350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.227.140.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529249/; classtype:trojan-activity;sid:83392349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.201.202.53"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529248/; classtype:trojan-activity;sid:83392348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.75.177"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529247/; classtype:trojan-activity;sid:83392347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.79.161"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529246/; classtype:trojan-activity;sid:83392346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.52.35"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529245/; classtype:trojan-activity;sid:83392345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.71.107.217"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529244/; classtype:trojan-activity;sid:83392344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.174.162"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529243/; classtype:trojan-activity;sid:83392343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.252.127.42"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529242/; classtype:trojan-activity;sid:83392342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.193.107.163"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529241/; classtype:trojan-activity;sid:83392341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.45.92"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529240/; classtype:trojan-activity;sid:83392340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.56.224"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529239/; classtype:trojan-activity;sid:83392339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.104.230"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529238/; classtype:trojan-activity;sid:83392338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.199.12.58"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529237/; classtype:trojan-activity;sid:83392337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"152.243.191.127"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529236/; classtype:trojan-activity;sid:83392336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.163.105"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529235/; classtype:trojan-activity;sid:83392335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.90.5"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529234/; classtype:trojan-activity;sid:83392334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.130.21.26"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529233/; classtype:trojan-activity;sid:83392333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc139074685_655468567|3f|hash=kz5dxbekr589elyzwud9r5j7zh3s3ldgipyak2lhc3x|7c|26|7c|dl=geztsmbxgq3dqni:1675426415:g12mui4eh6zuc1w3qqdwsgx1crdv1z78zurlvypmcrw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:195; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529231/; classtype:trojan-activity;sid:83392331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.zip"; depth:9; endswith; nocase; http.host; content:"buy-time.click"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529232/; classtype:trojan-activity;sid:83392332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr.php|3f|"; depth:11; endswith; nocase; http.host; content:"fudgeys.co.uk"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529230/; classtype:trojan-activity;sid:83392330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc139074685_655477285|3f|hash=zywm8hp6xynsgwccqjj7fnv8t8thnjqpuzz5ikdnij8|7c|26|7c|dl=geztsmbxgq3dqni:1675434118:jfocuv9zjezmz0c6tskpw0o0tn65oi6d1tl4fypnl2p|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:195; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529229/; classtype:trojan-activity;sid:83392329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nors/flow.exe"; depth:14; endswith; nocase; http.host; content:"193.233.20.3"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529227/; classtype:trojan-activity;sid:83392327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529228/; classtype:trojan-activity;sid:83392328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.239.87.69"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529226/; classtype:trojan-activity;sid:83392326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.220.10"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529225/; classtype:trojan-activity;sid:83392325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.151.209.143"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529224/; classtype:trojan-activity;sid:83392324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"211.50.17.115"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529222/; classtype:trojan-activity;sid:83392322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.85.199"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529223/; classtype:trojan-activity;sid:83392323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd/0/get/b1x6yzmxlimxp61xnesxoqqcafgstqvbu2cq11n_jpqttvlqqdgygggp3u7bdi8b8j3tp-ea-hgxtwmkdop8qvc5tyvkqfqv7ewse0vg1j-krbmor6ceqmmh_cfsec9v7osi04pjkdawkvle6ehmqfiinp3fyeefwnztui5mgded5llwvp0rfpz21ivpy7k7nvc/file|3f|dl=1"; depth:218; endswith; nocase; http.host; content:"uc9be98ae82c22348df703b96abc.dl.dropboxusercontent.com"; depth:54; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529221/; classtype:trojan-activity;sid:83392321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.71.107.217"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529220/; classtype:trojan-activity;sid:83392320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.75.177"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529219/; classtype:trojan-activity;sid:83392319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.107.163"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529218/; classtype:trojan-activity;sid:83392318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.49.174"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529217/; classtype:trojan-activity;sid:83392317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.45.92"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529216/; classtype:trojan-activity;sid:83392316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.123.211"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529215/; classtype:trojan-activity;sid:83392315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.27.219"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529214/; classtype:trojan-activity;sid:83392314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.199.158"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529213/; classtype:trojan-activity;sid:83392313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.180.171.25"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529212/; classtype:trojan-activity;sid:83392312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.170.248"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529211/; classtype:trojan-activity;sid:83392311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.87.254"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529210/; classtype:trojan-activity;sid:83392310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bjy1"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529209/; classtype:trojan-activity;sid:83392309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.120.240.94"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529208/; classtype:trojan-activity;sid:83392308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.163.204"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529206/; classtype:trojan-activity;sid:83392306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.156.119"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529207/; classtype:trojan-activity;sid:83392307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.9.219"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529205/; classtype:trojan-activity;sid:83392305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.140.107"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529204/; classtype:trojan-activity;sid:83392304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.49.174"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529203/; classtype:trojan-activity;sid:83392303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.233.57"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529201/; classtype:trojan-activity;sid:83392301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.244.220"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529202/; classtype:trojan-activity;sid:83392302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.212.214"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529200/; classtype:trojan-activity;sid:83392300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1017491499765735575/1065018651335467038/hospede.zip"; depth:64; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529199/; classtype:trojan-activity;sid:83392299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/serverhta.hta"; depth:14; endswith; nocase; http.host; content:"2023foco.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529198/; classtype:trojan-activity;sid:83392298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ganger09/at/main/uni4.bat"; depth:26; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529197/; classtype:trojan-activity;sid:83392297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1066029761186517014/1066542963724914769/att.txt"; depth:60; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529196/; classtype:trojan-activity;sid:83392296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.126.118"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529195/; classtype:trojan-activity;sid:83392295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.17.227.0"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529194/; classtype:trojan-activity;sid:83392294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.172.181"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529193/; classtype:trojan-activity;sid:83392293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.171.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529192/; classtype:trojan-activity;sid:83392292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.135.64"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529191/; classtype:trojan-activity;sid:83392291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.160.156"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529190/; classtype:trojan-activity;sid:83392290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.41.141"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529189/; classtype:trojan-activity;sid:83392289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.193.28"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529187/; classtype:trojan-activity;sid:83392287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.150.84"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529188/; classtype:trojan-activity;sid:83392288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.180.171.25"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529186/; classtype:trojan-activity;sid:83392286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.14.215.234"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529185/; classtype:trojan-activity;sid:83392285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.45.27"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529184/; classtype:trojan-activity;sid:83392284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.98"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529183/; classtype:trojan-activity;sid:83392283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.23.101"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529182/; classtype:trojan-activity;sid:83392282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.203.55"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529181/; classtype:trojan-activity;sid:83392281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.255.77"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529180/; classtype:trojan-activity;sid:83392280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.58.137"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529179/; classtype:trojan-activity;sid:83392279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"120.87.33.134"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529178/; classtype:trojan-activity;sid:83392278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.122.7"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529176/; classtype:trojan-activity;sid:83392276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.202.143"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529177/; classtype:trojan-activity;sid:83392277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.170.248"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529175/; classtype:trojan-activity;sid:83392275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.253.149.189"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529174/; classtype:trojan-activity;sid:83392274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.5.92"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529173/; classtype:trojan-activity;sid:83392273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.44.132"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529172/; classtype:trojan-activity;sid:83392272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.43.70.30"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529170/; classtype:trojan-activity;sid:83392270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.86.52"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529171/; classtype:trojan-activity;sid:83392271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.138.154.198"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529168/; classtype:trojan-activity;sid:83392268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.252.202.252"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529169/; classtype:trojan-activity;sid:83392269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.42.191"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529167/; classtype:trojan-activity;sid:83392267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.107.83.120"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529166/; classtype:trojan-activity;sid:83392266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.178.198"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529165/; classtype:trojan-activity;sid:83392265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.160.37"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529163/; classtype:trojan-activity;sid:83392263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.241.187.33"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529164/; classtype:trojan-activity;sid:83392264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.220.81"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529162/; classtype:trojan-activity;sid:83392262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.167.125"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529161/; classtype:trojan-activity;sid:83392261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.1.219"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529160/; classtype:trojan-activity;sid:83392260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subscribeevent"; depth:15; endswith; nocase; http.host; content:"61ed2.signing.unitynotarypublic.com"; depth:35; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529159/; classtype:trojan-activity;sid:83392259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.9.219"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529158/; classtype:trojan-activity;sid:83392258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.163.23"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529157/; classtype:trojan-activity;sid:83392257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paste-code/bjyz"; depth:16; endswith; nocase; http.host; content:"wtools.io"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529156/; classtype:trojan-activity;sid:83392256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.51.51"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529155/; classtype:trojan-activity;sid:83392255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.141.133.225"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529153/; classtype:trojan-activity;sid:83392253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.43.119.235"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529154/; classtype:trojan-activity;sid:83392254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"188.127.168.240"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529152/; classtype:trojan-activity;sid:83392252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"187.89.172.154"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529151/; classtype:trojan-activity;sid:83392251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.57.73.205"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529150/; classtype:trojan-activity;sid:83392250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.16.180"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529148/; classtype:trojan-activity;sid:83392248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.107.193.12"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529149/; classtype:trojan-activity;sid:83392249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.230.172.116"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529147/; classtype:trojan-activity;sid:83392247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.199.13.88"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529146/; classtype:trojan-activity;sid:83392246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h9xwhyqu/"; depth:10; endswith; nocase; http.host; content:"ingramjapan.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529145/; classtype:trojan-activity;sid:83392245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.56.146"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529144/; classtype:trojan-activity;sid:83392244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.133.86.230"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529143/; classtype:trojan-activity;sid:83392243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.95.220.171"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529142/; classtype:trojan-activity;sid:83392242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.79.175"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529141/; classtype:trojan-activity;sid:83392241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.198.156"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529140/; classtype:trojan-activity;sid:83392240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.209.231.207"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529139/; classtype:trojan-activity;sid:83392239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.133.124.157"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529138/; classtype:trojan-activity;sid:83392238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.44.132"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529137/; classtype:trojan-activity;sid:83392237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.117.18"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529136/; classtype:trojan-activity;sid:83392236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.19.249"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529135/; classtype:trojan-activity;sid:83392235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.175.5"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529133/; classtype:trojan-activity;sid:83392233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.56.184.236"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529134/; classtype:trojan-activity;sid:83392234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.230.172.116"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529132/; classtype:trojan-activity;sid:83392232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.167.178"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529131/; classtype:trojan-activity;sid:83392231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.206.161.229"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529130/; classtype:trojan-activity;sid:83392230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.28.200"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529129/; classtype:trojan-activity;sid:83392229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.174"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529128/; classtype:trojan-activity;sid:83392228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.85.40.230"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529127/; classtype:trojan-activity;sid:83392227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.226.163"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529126/; classtype:trojan-activity;sid:83392226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.80.7"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529125/; classtype:trojan-activity;sid:83392225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.231.13"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529124/; classtype:trojan-activity;sid:83392224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.101.154"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529123/; classtype:trojan-activity;sid:83392223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.158.134"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529122/; classtype:trojan-activity;sid:83392222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.148.113"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529121/; classtype:trojan-activity;sid:83392221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.1.175"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529120/; classtype:trojan-activity;sid:83392220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.141.202"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529119/; classtype:trojan-activity;sid:83392219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.163.23"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529118/; classtype:trojan-activity;sid:83392218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.0.238"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529117/; classtype:trojan-activity;sid:83392217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.124.201"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529116/; classtype:trojan-activity;sid:83392216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.37.83"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529115/; classtype:trojan-activity;sid:83392215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.90.5"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529114/; classtype:trojan-activity;sid:83392214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529113/; classtype:trojan-activity;sid:83392213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.209.231.207"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529112/; classtype:trojan-activity;sid:83392212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.174"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529110/; classtype:trojan-activity;sid:83392210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.121.248"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529111/; classtype:trojan-activity;sid:83392211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.83.86"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529109/; classtype:trojan-activity;sid:83392209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.39.35"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529107/; classtype:trojan-activity;sid:83392207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.10.34"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529108/; classtype:trojan-activity;sid:83392208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.89.114"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529105/; classtype:trojan-activity;sid:83392205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.210"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529106/; classtype:trojan-activity;sid:83392206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.140.207"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529104/; classtype:trojan-activity;sid:83392204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.236.63"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529103/; classtype:trojan-activity;sid:83392203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.74.156"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529102/; classtype:trojan-activity;sid:83392202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.131.159"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529101/; classtype:trojan-activity;sid:83392201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.183.76"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529100/; classtype:trojan-activity;sid:83392200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.102.107.112"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529099/; classtype:trojan-activity;sid:83392199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.176.112"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529098/; classtype:trojan-activity;sid:83392198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vodka.dat"; depth:10; endswith; nocase; http.host; content:"79.141.175.208"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529093/; classtype:trojan-activity;sid:83392193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vodka.dat"; depth:10; endswith; nocase; http.host; content:"45.8.191.141"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529094/; classtype:trojan-activity;sid:83392194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vodka.dat"; depth:10; endswith; nocase; http.host; content:"128.254.207.55"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529095/; classtype:trojan-activity;sid:83392195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vodka.dat"; depth:10; endswith; nocase; http.host; content:"216.238.76.210"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529096/; classtype:trojan-activity;sid:83392196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vodka.dat"; depth:10; endswith; nocase; http.host; content:"135.148.144.191"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529097/; classtype:trojan-activity;sid:83392197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.108.206.174"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529092/; classtype:trojan-activity;sid:83392192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qptbamkr154.lpk"; depth:16; endswith; nocase; http.host; content:"fumigueg.tk"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529091/; classtype:trojan-activity;sid:83392191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.189.88"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529090/; classtype:trojan-activity;sid:83392190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.144.207.29"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529089/; classtype:trojan-activity;sid:83392189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.211.234"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529088/; classtype:trojan-activity;sid:83392188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.169.214"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529087/; classtype:trojan-activity;sid:83392187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.116.176.154"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529086/; classtype:trojan-activity;sid:83392186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.80.7"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529085/; classtype:trojan-activity;sid:83392185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.219.124"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529084/; classtype:trojan-activity;sid:83392184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.140.6"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529083/; classtype:trojan-activity;sid:83392183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.189.33"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529082/; classtype:trojan-activity;sid:83392182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.214.209.121"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529081/; classtype:trojan-activity;sid:83392181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.207.229"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529080/; classtype:trojan-activity;sid:83392180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.97.169.208"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529079/; classtype:trojan-activity;sid:83392179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.250.70"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529078/; classtype:trojan-activity;sid:83392178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.122.223"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529077/; classtype:trojan-activity;sid:83392177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.38.101"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529076/; classtype:trojan-activity;sid:83392176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.196.54"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529075/; classtype:trojan-activity;sid:83392175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.214.209.121"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529074/; classtype:trojan-activity;sid:83392174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.220.60.23"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529073/; classtype:trojan-activity;sid:83392173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.70.201"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529072/; classtype:trojan-activity;sid:83392172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.230.128"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529071/; classtype:trojan-activity;sid:83392171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.105.47.190"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529070/; classtype:trojan-activity;sid:83392170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.253.116"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529069/; classtype:trojan-activity;sid:83392169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.155.59"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529068/; classtype:trojan-activity;sid:83392168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.160.51"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529067/; classtype:trojan-activity;sid:83392167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.149.136"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529066/; classtype:trojan-activity;sid:83392166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.61.151"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529065/; classtype:trojan-activity;sid:83392165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.190.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529064/; classtype:trojan-activity;sid:83392164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.137.229"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529063/; classtype:trojan-activity;sid:83392163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.98.97"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529062/; classtype:trojan-activity;sid:83392162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.106.192.12"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529061/; classtype:trojan-activity;sid:83392161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.118.10"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529060/; classtype:trojan-activity;sid:83392160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.107.53"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529059/; classtype:trojan-activity;sid:83392159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.162.232"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529058/; classtype:trojan-activity;sid:83392158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.128.220"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529057/; classtype:trojan-activity;sid:83392157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2.exe"; depth:7; endswith; nocase; http.host; content:"lattescremato.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529056/; classtype:trojan-activity;sid:83392156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exp/scriptinit.ps1"; depth:19; endswith; nocase; http.host; content:"miraistealer.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529055/; classtype:trojan-activity;sid:83392155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exp/index.hta"; depth:14; endswith; nocase; http.host; content:"miraistealer.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529053/; classtype:trojan-activity;sid:83392153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exp/script.ps1"; depth:15; endswith; nocase; http.host; content:"miraistealer.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529054/; classtype:trojan-activity;sid:83392154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.224.57.52"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529052/; classtype:trojan-activity;sid:83392152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.29.185"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529051/; classtype:trojan-activity;sid:83392151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.174.81"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529050/; classtype:trojan-activity;sid:83392150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.116.98"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529049/; classtype:trojan-activity;sid:83392149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.axis"; depth:13; endswith; nocase; http.host; content:"51.15.27.96"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529048/; classtype:trojan-activity;sid:83392148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.183.189"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529047/; classtype:trojan-activity;sid:83392147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.187.113"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529046/; classtype:trojan-activity;sid:83392146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.140.158.135"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529045/; classtype:trojan-activity;sid:83392145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.157.195.24"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529044/; classtype:trojan-activity;sid:83392144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.58.180.221"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529043/; classtype:trojan-activity;sid:83392143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.90.58"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529042/; classtype:trojan-activity;sid:83392142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.221.185.7"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529041/; classtype:trojan-activity;sid:83392141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.232.83"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529040/; classtype:trojan-activity;sid:83392140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.137.159"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529039/; classtype:trojan-activity;sid:83392139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.39.19"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529038/; classtype:trojan-activity;sid:83392138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.112.88.94"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529037/; classtype:trojan-activity;sid:83392137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.228.227"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529036/; classtype:trojan-activity;sid:83392136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.157.232.166"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529035/; classtype:trojan-activity;sid:83392135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.253.123"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529034/; classtype:trojan-activity;sid:83392134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.223.55"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529032/; classtype:trojan-activity;sid:83392132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.126.118"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529033/; classtype:trojan-activity;sid:83392133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.219.190"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529031/; classtype:trojan-activity;sid:83392131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.40.190"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529030/; classtype:trojan-activity;sid:83392130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.61.151"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529029/; classtype:trojan-activity;sid:83392129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.58.48"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529028/; classtype:trojan-activity;sid:83392128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.213.25.12"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529027/; classtype:trojan-activity;sid:83392127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.114.32"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529026/; classtype:trojan-activity;sid:83392126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.152.50"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529024/; classtype:trojan-activity;sid:83392124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.46.231.10"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529025/; classtype:trojan-activity;sid:83392125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.8.97"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529022/; classtype:trojan-activity;sid:83392122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.235.103"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529023/; classtype:trojan-activity;sid:83392123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.129.233"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529021/; classtype:trojan-activity;sid:83392121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.26.241.87"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529020/; classtype:trojan-activity;sid:83392120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.187.250.230"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529019/; classtype:trojan-activity;sid:83392119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.7.231"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529018/; classtype:trojan-activity;sid:83392118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.93.199.178"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529017/; classtype:trojan-activity;sid:83392117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.173.81.24"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529016/; classtype:trojan-activity;sid:83392116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.167.101"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529015/; classtype:trojan-activity;sid:83392115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.39.19"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529014/; classtype:trojan-activity;sid:83392114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.254.78"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529013/; classtype:trojan-activity;sid:83392113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.146.243"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529012/; classtype:trojan-activity;sid:83392112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.8.162"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529011/; classtype:trojan-activity;sid:83392111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.120.58.224"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529010/; classtype:trojan-activity;sid:83392110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.19.151"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529009/; classtype:trojan-activity;sid:83392109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.108.228"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529008/; classtype:trojan-activity;sid:83392108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"121.202.198.165"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529007/; classtype:trojan-activity;sid:83392107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.108.228"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529006/; classtype:trojan-activity;sid:83392106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.66.241"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529004/; classtype:trojan-activity;sid:83392104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.160.131"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529005/; classtype:trojan-activity;sid:83392105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.213.46.162"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529003/; classtype:trojan-activity;sid:83392103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"45.51.173.135"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529002/; classtype:trojan-activity;sid:83392102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.17.227.0"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529001/; classtype:trojan-activity;sid:83392101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2529000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.67.52.21"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2529000/; classtype:trojan-activity;sid:83392100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.51.180.62"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528999/; classtype:trojan-activity;sid:83392099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.253.154.42"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528998/; classtype:trojan-activity;sid:83392098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.86.194"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528997/; classtype:trojan-activity;sid:83392097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.152.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528996/; classtype:trojan-activity;sid:83392096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.37.131"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528995/; classtype:trojan-activity;sid:83392095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linuxtf"; depth:8; endswith; nocase; http.host; content:"46.3.112.177"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528994/; classtype:trojan-activity;sid:83392094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.209.212"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528993/; classtype:trojan-activity;sid:83392093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.88.135"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528992/; classtype:trojan-activity;sid:83392092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/xpjplka7j6t0"; depth:17; endswith; nocase; http.host; content:"pasteio.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528991/; classtype:trojan-activity;sid:83392091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.5.206.69"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528990/; classtype:trojan-activity;sid:83392090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.17.88"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528989/; classtype:trojan-activity;sid:83392089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.164.138.192"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528988/; classtype:trojan-activity;sid:83392088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dashh/psftp.exe"; depth:16; endswith; nocase; http.host; content:"103.171.1.26"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528987/; classtype:trojan-activity;sid:83392087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ifbkppsk202.java"; depth:17; endswith; nocase; http.host; content:"thegallerygulgong.com.au"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528986/; classtype:trojan-activity;sid:83392086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.241.55"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528985/; classtype:trojan-activity;sid:83392085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.58.48"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528984/; classtype:trojan-activity;sid:83392084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.22.231"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528983/; classtype:trojan-activity;sid:83392083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.42.193"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528982/; classtype:trojan-activity;sid:83392082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.24.214"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528981/; classtype:trojan-activity;sid:83392081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.248.2.225"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528980/; classtype:trojan-activity;sid:83392080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.6.98"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528979/; classtype:trojan-activity;sid:83392079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.252.180.174"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528978/; classtype:trojan-activity;sid:83392078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.219.86.51"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528977/; classtype:trojan-activity;sid:83392077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.255.216.146"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528976/; classtype:trojan-activity;sid:83392076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.241.214.197"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528975/; classtype:trojan-activity;sid:83392075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.116.49.228"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528974/; classtype:trojan-activity;sid:83392074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.173.147"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528973/; classtype:trojan-activity;sid:83392073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.234.183"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528972/; classtype:trojan-activity;sid:83392072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.108.84"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528971/; classtype:trojan-activity;sid:83392071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.114.143"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528970/; classtype:trojan-activity;sid:83392070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.128.87"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528969/; classtype:trojan-activity;sid:83392069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.116.99.25"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528967/; classtype:trojan-activity;sid:83392067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.252.217.142"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528968/; classtype:trojan-activity;sid:83392068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.215.161"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528965/; classtype:trojan-activity;sid:83392065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.163.148"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528966/; classtype:trojan-activity;sid:83392066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.89.60.53"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528963/; classtype:trojan-activity;sid:83392063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.186.196"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528964/; classtype:trojan-activity;sid:83392064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.67.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528962/; classtype:trojan-activity;sid:83392062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.191.192"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528961/; classtype:trojan-activity;sid:83392061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.94.204.212"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528960/; classtype:trojan-activity;sid:83392060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.34.201"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528959/; classtype:trojan-activity;sid:83392059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.21.90"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528958/; classtype:trojan-activity;sid:83392058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.242.120"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528957/; classtype:trojan-activity;sid:83392057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"46.146.3.194"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528955/; classtype:trojan-activity;sid:83392055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.29.92.173"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528956/; classtype:trojan-activity;sid:83392056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.60.48"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528952/; classtype:trojan-activity;sid:83392052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.123.142"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528953/; classtype:trojan-activity;sid:83392053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.230.172.116"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528954/; classtype:trojan-activity;sid:83392054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.14.219"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528951/; classtype:trojan-activity;sid:83392051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.187.69"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528950/; classtype:trojan-activity;sid:83392050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.216.175"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528949/; classtype:trojan-activity;sid:83392049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.241.55"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528948/; classtype:trojan-activity;sid:83392048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.175.112.61"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528947/; classtype:trojan-activity;sid:83392047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.14.219"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528946/; classtype:trojan-activity;sid:83392046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.37.131"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528945/; classtype:trojan-activity;sid:83392045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.173.147"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528944/; classtype:trojan-activity;sid:83392044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.197"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528943/; classtype:trojan-activity;sid:83392043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.32.132"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528942/; classtype:trojan-activity;sid:83392042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.86.75.56"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528941/; classtype:trojan-activity;sid:83392041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.147.122"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528939/; classtype:trojan-activity;sid:83392039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.5.197"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528940/; classtype:trojan-activity;sid:83392040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.178.77"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528938/; classtype:trojan-activity;sid:83392038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.223.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528937/; classtype:trojan-activity;sid:83392037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.206.17"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528935/; classtype:trojan-activity;sid:83392035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.53.36.239"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528936/; classtype:trojan-activity;sid:83392036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"124.94.172.126"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528934/; classtype:trojan-activity;sid:83392034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.128.87"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528933/; classtype:trojan-activity;sid:83392033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.135.209.166"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528930/; classtype:trojan-activity;sid:83392030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.163.28"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528931/; classtype:trojan-activity;sid:83392031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.94.204.212"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528932/; classtype:trojan-activity;sid:83392032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.94.89"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528929/; classtype:trojan-activity;sid:83392029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.204.212.218"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528928/; classtype:trojan-activity;sid:83392028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.204.147.35"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528927/; classtype:trojan-activity;sid:83392027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.57.39.232"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528926/; classtype:trojan-activity;sid:83392026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.208.127.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528925/; classtype:trojan-activity;sid:83392025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.200.52"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528924/; classtype:trojan-activity;sid:83392024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.141.178.77"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528923/; classtype:trojan-activity;sid:83392023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.73.93"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528921/; classtype:trojan-activity;sid:83392021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.228.207.163"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528922/; classtype:trojan-activity;sid:83392022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.5.62.224"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528919/; classtype:trojan-activity;sid:83392019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.162.184.191"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528920/; classtype:trojan-activity;sid:83392020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.140.90"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528917/; classtype:trojan-activity;sid:83392017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.96.211.2"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528918/; classtype:trojan-activity;sid:83392018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.22.231"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528916/; classtype:trojan-activity;sid:83392016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"83.243.252.91"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528915/; classtype:trojan-activity;sid:83392015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.94.172.126"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528914/; classtype:trojan-activity;sid:83392014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.145.92"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528913/; classtype:trojan-activity;sid:83392013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.246.109.2"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528912/; classtype:trojan-activity;sid:83392012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.8.223.132"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528911/; classtype:trojan-activity;sid:83392011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.109.179"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528910/; classtype:trojan-activity;sid:83392010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.234.183"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528909/; classtype:trojan-activity;sid:83392009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.229.20"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528908/; classtype:trojan-activity;sid:83392008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.20.131"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528907/; classtype:trojan-activity;sid:83392007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.exe"; depth:6; endswith; nocase; http.host; content:"vmi539722.contaboserver.net"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528906/; classtype:trojan-activity;sid:83392006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.153.141"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528905/; classtype:trojan-activity;sid:83392005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.96.75.157"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528904/; classtype:trojan-activity;sid:83392004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.53.35.232"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528903/; classtype:trojan-activity;sid:83392003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.197.217"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528902/; classtype:trojan-activity;sid:83392002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.44.68"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528901/; classtype:trojan-activity;sid:83392001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.116.32"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528900/; classtype:trojan-activity;sid:83392000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.86.189.146"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528899/; classtype:trojan-activity;sid:83391999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.146.128"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528898/; classtype:trojan-activity;sid:83391998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.228.207.163"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528897/; classtype:trojan-activity;sid:83391997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.244.248.218"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528896/; classtype:trojan-activity;sid:83391996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaupdate.exe"; depth:13; endswith; nocase; http.host; content:"77.91.78.108"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528894/; classtype:trojan-activity;sid:83391994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lloaded.exe"; depth:12; endswith; nocase; http.host; content:"109.172.45.94"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528895/; classtype:trojan-activity;sid:83391995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.190.46.53"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528893/; classtype:trojan-activity;sid:83391993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.44.68"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528892/; classtype:trojan-activity;sid:83391992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bsiu.php|3f|"; depth:13; endswith; nocase; http.host; content:"beatup.cl"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528891/; classtype:trojan-activity;sid:83391991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ell.php|3f|"; depth:12; endswith; nocase; http.host; content:"infrastructure.co.ug"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528890/; classtype:trojan-activity;sid:83391990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe.php|3f|"; depth:11; endswith; nocase; http.host; content:"israrmarblegranite.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528889/; classtype:trojan-activity;sid:83391989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trn.php|3f|"; depth:12; endswith; nocase; http.host; content:"esgiot.net"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528888/; classtype:trojan-activity;sid:83391988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulba.php|3f|"; depth:13; endswith; nocase; http.host; content:"windsonstaffing.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528885/; classtype:trojan-activity;sid:83391985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sfaf.php|3f|"; depth:13; endswith; nocase; http.host; content:"aixjobsonline.net"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528886/; classtype:trojan-activity;sid:83391986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riqe.php|3f|"; depth:13; endswith; nocase; http.host; content:"koksoftec.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528887/; classtype:trojan-activity;sid:83391987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmxi.php|3f|"; depth:13; endswith; nocase; http.host; content:"pcrog.com"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528882/; classtype:trojan-activity;sid:83391982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ds.php|3f|"; depth:11; endswith; nocase; http.host; content:"ecompany.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528883/; classtype:trojan-activity;sid:83391983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sii.php|3f|"; depth:12; endswith; nocase; http.host; content:"floridasforgottenfelines.org"; depth:28; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528884/; classtype:trojan-activity;sid:83391984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.zip"; depth:9; endswith; nocase; http.host; content:"buy-up.click"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528880/; classtype:trojan-activity;sid:83391980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iasd.php|3f|"; depth:13; endswith; nocase; http.host; content:"chrono-actu.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528881/; classtype:trojan-activity;sid:83391981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.189.119"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528879/; classtype:trojan-activity;sid:83391979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.96.6.119"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528878/; classtype:trojan-activity;sid:83391978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.199.137"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528877/; classtype:trojan-activity;sid:83391977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.193.115.115"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528875/; classtype:trojan-activity;sid:83391975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.139.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528876/; classtype:trojan-activity;sid:83391976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.190.181"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528874/; classtype:trojan-activity;sid:83391974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.195.20.84"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528873/; classtype:trojan-activity;sid:83391973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.98.20"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528872/; classtype:trojan-activity;sid:83391972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.103.3.147"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528871/; classtype:trojan-activity;sid:83391971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.7.231"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528870/; classtype:trojan-activity;sid:83391970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.252.131"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528869/; classtype:trojan-activity;sid:83391969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.139.86"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528868/; classtype:trojan-activity;sid:83391968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.209.184"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528867/; classtype:trojan-activity;sid:83391967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.89.242.3"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528866/; classtype:trojan-activity;sid:83391966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.22.231"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528865/; classtype:trojan-activity;sid:83391965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.9.248"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528864/; classtype:trojan-activity;sid:83391964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.43.113.41"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528863/; classtype:trojan-activity;sid:83391963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.146.203"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528862/; classtype:trojan-activity;sid:83391962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.74.20.227"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528861/; classtype:trojan-activity;sid:83391961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.189.119"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528860/; classtype:trojan-activity;sid:83391960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.244.248.218"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528859/; classtype:trojan-activity;sid:83391959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systems/chromesetup.exe"; depth:24; endswith; nocase; http.host; content:"dupont-ingredient.ro"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528858/; classtype:trojan-activity;sid:83391958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.111.178"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528857/; classtype:trojan-activity;sid:83391957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.3.230"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528855/; classtype:trojan-activity;sid:83391955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.234.102.178"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528856/; classtype:trojan-activity;sid:83391956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.145.157"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528854/; classtype:trojan-activity;sid:83391954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.116.223"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528853/; classtype:trojan-activity;sid:83391953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"203.110.86.243"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528852/; classtype:trojan-activity;sid:83391952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.234.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528851/; classtype:trojan-activity;sid:83391951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.105.13.224"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528850/; classtype:trojan-activity;sid:83391950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.185.122"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528849/; classtype:trojan-activity;sid:83391949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.174.154"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528848/; classtype:trojan-activity;sid:83391948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.135.179"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528847/; classtype:trojan-activity;sid:83391947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; depth:40; endswith; nocase; http.host; content:"6yddxah0lq.buchalska.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528844/; classtype:trojan-activity;sid:83391944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/mirai.mips"; depth:13; endswith; nocase; http.host; content:"vmi1171026.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528845/; classtype:trojan-activity;sid:83391945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.m68k"; depth:14; endswith; nocase; http.host; content:"soka.root.sx"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528846/; classtype:trojan-activity;sid:83391946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"45.66.230.47"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528843/; classtype:trojan-activity;sid:83391943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.99.202.203"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528842/; classtype:trojan-activity;sid:83391942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.10.60.113"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528841/; classtype:trojan-activity;sid:83391941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.15.162.243"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528840/; classtype:trojan-activity;sid:83391940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.255.12.73"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528837/; classtype:trojan-activity;sid:83391937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.248.61.99"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528838/; classtype:trojan-activity;sid:83391938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.185.89.163"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528839/; classtype:trojan-activity;sid:83391939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.137.211.225"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528836/; classtype:trojan-activity;sid:83391936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.51.73"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528835/; classtype:trojan-activity;sid:83391935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.139.86"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528834/; classtype:trojan-activity;sid:83391934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.166.219"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528833/; classtype:trojan-activity;sid:83391933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.119.150"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528832/; classtype:trojan-activity;sid:83391932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.183.19.181"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528831/; classtype:trojan-activity;sid:83391931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.119.150"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528830/; classtype:trojan-activity;sid:83391930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.187.143"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528829/; classtype:trojan-activity;sid:83391929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.176.104"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528827/; classtype:trojan-activity;sid:83391927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.25.246"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528828/; classtype:trojan-activity;sid:83391928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.213.102"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528826/; classtype:trojan-activity;sid:83391926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.219.4.132"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528825/; classtype:trojan-activity;sid:83391925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.120.56"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528824/; classtype:trojan-activity;sid:83391924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.105.13.224"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528823/; classtype:trojan-activity;sid:83391923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.230.211.152"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528822/; classtype:trojan-activity;sid:83391922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.115.127.60"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528821/; classtype:trojan-activity;sid:83391921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.40.218"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528819/; classtype:trojan-activity;sid:83391919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.111.130.221"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528820/; classtype:trojan-activity;sid:83391920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.29.198"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528818/; classtype:trojan-activity;sid:83391918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.43.102.109"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528816/; classtype:trojan-activity;sid:83391916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.227.205.62"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528817/; classtype:trojan-activity;sid:83391917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.198.168.228"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528815/; classtype:trojan-activity;sid:83391915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.9.221.5"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528814/; classtype:trojan-activity;sid:83391914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.129.103"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528813/; classtype:trojan-activity;sid:83391913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.200.52"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528812/; classtype:trojan-activity;sid:83391912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.80.76.134"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528811/; classtype:trojan-activity;sid:83391911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.89.105.214"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528810/; classtype:trojan-activity;sid:83391910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.205.5"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528809/; classtype:trojan-activity;sid:83391909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.11.85"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528808/; classtype:trojan-activity;sid:83391908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.123.244.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528807/; classtype:trojan-activity;sid:83391907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.89.114"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528805/; classtype:trojan-activity;sid:83391905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.213.203"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528806/; classtype:trojan-activity;sid:83391906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.136.35.45"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528803/; classtype:trojan-activity;sid:83391903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.12.198"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528804/; classtype:trojan-activity;sid:83391904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.208.204"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528802/; classtype:trojan-activity;sid:83391902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.0.42.187"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528800/; classtype:trojan-activity;sid:83391900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.130.30.174"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528801/; classtype:trojan-activity;sid:83391901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.174.255"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528799/; classtype:trojan-activity;sid:83391899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.87.57.36"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528798/; classtype:trojan-activity;sid:83391898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.73.15"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528797/; classtype:trojan-activity;sid:83391897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.92.166.46"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528796/; classtype:trojan-activity;sid:83391896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.34.18"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528794/; classtype:trojan-activity;sid:83391894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.167.243"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528795/; classtype:trojan-activity;sid:83391895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.140.34"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528793/; classtype:trojan-activity;sid:83391893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.13.56"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528792/; classtype:trojan-activity;sid:83391892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.235.116.175"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528791/; classtype:trojan-activity;sid:83391891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.38.199"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528790/; classtype:trojan-activity;sid:83391890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.198.168.228"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528789/; classtype:trojan-activity;sid:83391889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.188.58.201"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528788/; classtype:trojan-activity;sid:83391888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.156.171"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528787/; classtype:trojan-activity;sid:83391887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.80.14"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528786/; classtype:trojan-activity;sid:83391886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.253.84"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528785/; classtype:trojan-activity;sid:83391885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.213.203"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528783/; classtype:trojan-activity;sid:83391883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.14.165"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528784/; classtype:trojan-activity;sid:83391884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.79.13"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528782/; classtype:trojan-activity;sid:83391882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.89.105.214"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528781/; classtype:trojan-activity;sid:83391881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"45.12.253.12"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528777/; classtype:trojan-activity;sid:83391877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"45.12.253.12"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528778/; classtype:trojan-activity;sid:83391878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"45.12.253.12"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528779/; classtype:trojan-activity;sid:83391879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"45.12.253.12"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528780/; classtype:trojan-activity;sid:83391880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.214.97"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528776/; classtype:trojan-activity;sid:83391876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.120.56"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528775/; classtype:trojan-activity;sid:83391875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.185.211"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528774/; classtype:trojan-activity;sid:83391874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.92.167.33"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528773/; classtype:trojan-activity;sid:83391873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.179.19.143"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528772/; classtype:trojan-activity;sid:83391872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.171.86"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528770/; classtype:trojan-activity;sid:83391870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.223.116"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528771/; classtype:trojan-activity;sid:83391871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.16.147"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528769/; classtype:trojan-activity;sid:83391869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.184.62"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528768/; classtype:trojan-activity;sid:83391868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/menis"; depth:6; endswith; nocase; http.host; content:"2.56.178.130"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528767/; classtype:trojan-activity;sid:83391867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.125.234.229"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528766/; classtype:trojan-activity;sid:83391866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.47.106.74"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528765/; classtype:trojan-activity;sid:83391865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.189.81"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528764/; classtype:trojan-activity;sid:83391864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.151.220.81"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528763/; classtype:trojan-activity;sid:83391863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.131.175"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528762/; classtype:trojan-activity;sid:83391862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.154.116.225"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528761/; classtype:trojan-activity;sid:83391861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.254.213.12"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528760/; classtype:trojan-activity;sid:83391860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.22.177"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528758/; classtype:trojan-activity;sid:83391858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.185.211"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528759/; classtype:trojan-activity;sid:83391859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.30.144"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528757/; classtype:trojan-activity;sid:83391857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.244.114.59"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528756/; classtype:trojan-activity;sid:83391856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.188.58.201"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528755/; classtype:trojan-activity;sid:83391855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.161.72.200"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528754/; classtype:trojan-activity;sid:83391854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.5.171.206"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528753/; classtype:trojan-activity;sid:83391853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.85.135.37"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528752/; classtype:trojan-activity;sid:83391852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.118.143.125"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528751/; classtype:trojan-activity;sid:83391851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.9.1"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528750/; classtype:trojan-activity;sid:83391850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.91.108.101"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528749/; classtype:trojan-activity;sid:83391849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.116.31.212"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528748/; classtype:trojan-activity;sid:83391848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.232.34.153"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528747/; classtype:trojan-activity;sid:83391847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.3.253"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528746/; classtype:trojan-activity;sid:83391846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.75.17"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528745/; classtype:trojan-activity;sid:83391845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.40.149.220"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528744/; classtype:trojan-activity;sid:83391844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.3.177.206"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528743/; classtype:trojan-activity;sid:83391843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.205.76"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528741/; classtype:trojan-activity;sid:83391841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.225.204.153"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528742/; classtype:trojan-activity;sid:83391842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.247.143.183"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528740/; classtype:trojan-activity;sid:83391840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.210.64"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528739/; classtype:trojan-activity;sid:83391839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.55.83.237"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528737/; classtype:trojan-activity;sid:83391837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.159.53"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528738/; classtype:trojan-activity;sid:83391838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.244.114.59"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528736/; classtype:trojan-activity;sid:83391836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/u4elzl0pxzuwznx/setup.zip|3f|dl=1"; depth:36; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528735/; classtype:trojan-activity;sid:83391835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.175.51.249"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528734/; classtype:trojan-activity;sid:83391834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.20.121"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528733/; classtype:trojan-activity;sid:83391833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.219.82"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528732/; classtype:trojan-activity;sid:83391832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.35.243.101"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528731/; classtype:trojan-activity;sid:83391831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.61.154.108"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528730/; classtype:trojan-activity;sid:83391830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.21.65"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528729/; classtype:trojan-activity;sid:83391829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.190.171"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528728/; classtype:trojan-activity;sid:83391828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.109.206"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528727/; classtype:trojan-activity;sid:83391827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.40.218"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528726/; classtype:trojan-activity;sid:83391826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.209.216.197"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528723/; classtype:trojan-activity;sid:83391823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.210.130"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528724/; classtype:trojan-activity;sid:83391824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.172.202"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528725/; classtype:trojan-activity;sid:83391825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.26.212.21"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528722/; classtype:trojan-activity;sid:83391822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.213.0.142"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528721/; classtype:trojan-activity;sid:83391821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.210.119"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528720/; classtype:trojan-activity;sid:83391820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.30.131.10"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528719/; classtype:trojan-activity;sid:83391819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.189.17"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528718/; classtype:trojan-activity;sid:83391818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.40"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528717/; classtype:trojan-activity;sid:83391817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"twizt.org"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528716/; classtype:trojan-activity;sid:83391816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.79.13"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528715/; classtype:trojan-activity;sid:83391815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.218.151"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528714/; classtype:trojan-activity;sid:83391814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.20.68"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528713/; classtype:trojan-activity;sid:83391813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.114.209"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528712/; classtype:trojan-activity;sid:83391812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.119.150"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528711/; classtype:trojan-activity;sid:83391811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.118.254"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528710/; classtype:trojan-activity;sid:83391810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.238.236"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528709/; classtype:trojan-activity;sid:83391809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.99.252"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528708/; classtype:trojan-activity;sid:83391808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.112.51.65"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528707/; classtype:trojan-activity;sid:83391807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.25.255"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528706/; classtype:trojan-activity;sid:83391806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.109.206"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528705/; classtype:trojan-activity;sid:83391805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.195.197"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528704/; classtype:trojan-activity;sid:83391804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"58.253.9.1"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528703/; classtype:trojan-activity;sid:83391803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.165.239"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528702/; classtype:trojan-activity;sid:83391802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.11.10.134"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528700/; classtype:trojan-activity;sid:83391800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.35.243.101"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528701/; classtype:trojan-activity;sid:83391801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.219.77"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528699/; classtype:trojan-activity;sid:83391799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.3.17"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528698/; classtype:trojan-activity;sid:83391798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528696/; classtype:trojan-activity;sid:83391796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.10.128.245"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528697/; classtype:trojan-activity;sid:83391797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.208.238.181"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528695/; classtype:trojan-activity;sid:83391795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.89.60.53"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528694/; classtype:trojan-activity;sid:83391794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.189.17"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528693/; classtype:trojan-activity;sid:83391793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.163.24.78"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528692/; classtype:trojan-activity;sid:83391792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.100.3"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528691/; classtype:trojan-activity;sid:83391791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.147.55"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528690/; classtype:trojan-activity;sid:83391790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.137.229"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528689/; classtype:trojan-activity;sid:83391789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.171.126"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528688/; classtype:trojan-activity;sid:83391788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.215.163"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528687/; classtype:trojan-activity;sid:83391787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.23.226.35"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528686/; classtype:trojan-activity;sid:83391786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.12.36.165"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528685/; classtype:trojan-activity;sid:83391785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.210.32"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528684/; classtype:trojan-activity;sid:83391784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.250.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528683/; classtype:trojan-activity;sid:83391783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.99.252"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528682/; classtype:trojan-activity;sid:83391782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaupdate.exe"; depth:13; endswith; nocase; http.host; content:"45.15.159.123"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528681/; classtype:trojan-activity;sid:83391781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.250.92.210"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528680/; classtype:trojan-activity;sid:83391780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"153.34.217.9"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528679/; classtype:trojan-activity;sid:83391779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.13.65"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528678/; classtype:trojan-activity;sid:83391778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.25.255"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528677/; classtype:trojan-activity;sid:83391777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.201.195.197"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528676/; classtype:trojan-activity;sid:83391776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.228.103.179"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528675/; classtype:trojan-activity;sid:83391775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.134.58.133"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528673/; classtype:trojan-activity;sid:83391773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.212.111.139"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528674/; classtype:trojan-activity;sid:83391774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.43.112.40"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528672/; classtype:trojan-activity;sid:83391772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.113.254"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528671/; classtype:trojan-activity;sid:83391771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.149.73"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528670/; classtype:trojan-activity;sid:83391770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.114.32.179"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528668/; classtype:trojan-activity;sid:83391768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.5.244"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528669/; classtype:trojan-activity;sid:83391769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.138.110"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528667/; classtype:trojan-activity;sid:83391767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.87.60.46"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528666/; classtype:trojan-activity;sid:83391766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.226.69.240"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528664/; classtype:trojan-activity;sid:83391764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.145.73"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528665/; classtype:trojan-activity;sid:83391765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.0.137"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528663/; classtype:trojan-activity;sid:83391763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muma/arm5.sh"; depth:13; endswith; nocase; http.host; content:"zf.gouzapay.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528661/; classtype:trojan-activity;sid:83391761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muma/mips.sh"; depth:13; endswith; nocase; http.host; content:"zf.gouzapay.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528662/; classtype:trojan-activity;sid:83391762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muma/arm6.sh"; depth:13; endswith; nocase; http.host; content:"zf.gouzapay.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528659/; classtype:trojan-activity;sid:83391759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muma/arm7.sh"; depth:13; endswith; nocase; http.host; content:"zf.gouzapay.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528660/; classtype:trojan-activity;sid:83391760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.239.191"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528658/; classtype:trojan-activity;sid:83391758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.fourloko"; depth:16; endswith; nocase; http.host; content:"185.225.74.3"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528654/; classtype:trojan-activity;sid:83391754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc712319849_660986998|3f|hash=hsrz2pduwmzqtweywvvegepd2tzr9zcqa1ybpnf6apk|7c|26|7c|dl=g4ytemzrhe4dioi:1675361699:uytze4mfqzti90w56wokxmtkg97lcbezxgxitzgudzo|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:195; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528655/; classtype:trojan-activity;sid:83391755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc712319849_660980444|3f|hash=mpohybzkbwghei7gecono2cirkfz5w6tvkfkd4m9ymk|7c|26|7c|dl=g4ytemzrhe4dioi:1675355621:1irz3oc2f9siowc3qcdqnzto4jnuoobjx3zh34ybbdc|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:195; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528656/; classtype:trojan-activity;sid:83391756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc139074685_655441844|3f|hash=xdidmxabvb51vqtcullibvl5pkxapzejmq3jttu2y08|7c|26|7c|dl=geztsmbxgq3dqni:1675371979:z1ubsohmsashu3aqpqmxwtgq67e44pchn4eef8lesd4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; depth:195; endswith; nocase; http.host; content:"vk.com"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528657/; classtype:trojan-activity;sid:83391757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.147.55"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528653/; classtype:trojan-activity;sid:83391753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.138.113"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528652/; classtype:trojan-activity;sid:83391752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.139.110.200"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528650/; classtype:trojan-activity;sid:83391750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.173.140"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528651/; classtype:trojan-activity;sid:83391751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.171.126"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528649/; classtype:trojan-activity;sid:83391749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.163.24.78"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528647/; classtype:trojan-activity;sid:83391747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.113.115"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528648/; classtype:trojan-activity;sid:83391748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.42.114.20"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528644/; classtype:trojan-activity;sid:83391744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.170.128"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528645/; classtype:trojan-activity;sid:83391745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.119.190.107"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528646/; classtype:trojan-activity;sid:83391746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.250.92.210"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528643/; classtype:trojan-activity;sid:83391743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puta/rocku.exe"; depth:15; endswith; nocase; http.host; content:"193.233.20.3"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528642/; classtype:trojan-activity;sid:83391742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"153.34.217.9"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528641/; classtype:trojan-activity;sid:83391741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.103.57.34"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528639/; classtype:trojan-activity;sid:83391739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.62.164"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528640/; classtype:trojan-activity;sid:83391740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.18.77"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528638/; classtype:trojan-activity;sid:83391738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.24.206"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528635/; classtype:trojan-activity;sid:83391735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"39.83.149.217"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528636/; classtype:trojan-activity;sid:83391736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.74.109"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528637/; classtype:trojan-activity;sid:83391737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.125.20.22"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528634/; classtype:trojan-activity;sid:83391734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.193.236"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528633/; classtype:trojan-activity;sid:83391733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"194.88.194.128"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528632/; classtype:trojan-activity;sid:83391732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.154.116.225"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528631/; classtype:trojan-activity;sid:83391731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"177.53.199.181"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528629/; classtype:trojan-activity;sid:83391729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.215.39"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528630/; classtype:trojan-activity;sid:83391730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.239.94"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528628/; classtype:trojan-activity;sid:83391728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.235.182"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528627/; classtype:trojan-activity;sid:83391727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.210.146"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528626/; classtype:trojan-activity;sid:83391726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.0.137"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528625/; classtype:trojan-activity;sid:83391725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.56.189"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528624/; classtype:trojan-activity;sid:83391724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.190.211"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528623/; classtype:trojan-activity;sid:83391723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.239.101"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528622/; classtype:trojan-activity;sid:83391722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.73.99"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528621/; classtype:trojan-activity;sid:83391721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.185.116.164"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528620/; classtype:trojan-activity;sid:83391720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.169.212.202"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528619/; classtype:trojan-activity;sid:83391719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.3.78"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528618/; classtype:trojan-activity;sid:83391718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.spc"; depth:16; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528616/; classtype:trojan-activity;sid:83391716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.m68k"; depth:17; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528617/; classtype:trojan-activity;sid:83391717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.216.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528615/; classtype:trojan-activity;sid:83391715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm7"; depth:17; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528614/; classtype:trojan-activity;sid:83391714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.x86"; depth:16; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528610/; classtype:trojan-activity;sid:83391710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.ppc"; depth:16; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528611/; classtype:trojan-activity;sid:83391711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.sh4"; depth:16; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528612/; classtype:trojan-activity;sid:83391712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm"; depth:16; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528613/; classtype:trojan-activity;sid:83391713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm6"; depth:17; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528607/; classtype:trojan-activity;sid:83391707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.arm5"; depth:17; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528608/; classtype:trojan-activity;sid:83391708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir/z3hir.mpsl"; depth:17; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528609/; classtype:trojan-activity;sid:83391709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.215.39"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528606/; classtype:trojan-activity;sid:83391706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"60.26.242.183"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528605/; classtype:trojan-activity;sid:83391705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.25.160"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528604/; classtype:trojan-activity;sid:83391704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.124.236.157"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528603/; classtype:trojan-activity;sid:83391703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.156.119"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528602/; classtype:trojan-activity;sid:83391702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.87.48.243"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528601/; classtype:trojan-activity;sid:83391701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.190.211"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528600/; classtype:trojan-activity;sid:83391700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/race2.exe"; depth:10; endswith; nocase; http.host; content:"77.73.134.27"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528598/; classtype:trojan-activity;sid:83391698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zehir.sh"; depth:9; endswith; nocase; http.host; content:"103.195.237.238"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528599/; classtype:trojan-activity;sid:83391699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/255/vbc.exe"; depth:12; endswith; nocase; http.host; content:"212.193.30.4"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528597/; classtype:trojan-activity;sid:83391697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.45.185.144"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528596/; classtype:trojan-activity;sid:83391696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.39.219"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528594/; classtype:trojan-activity;sid:83391694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.83.149.217"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528595/; classtype:trojan-activity;sid:83391695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.4.20"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528593/; classtype:trojan-activity;sid:83391693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.113.66"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528590/; classtype:trojan-activity;sid:83391690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.255.12.173"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528591/; classtype:trojan-activity;sid:83391691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.122.5"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528592/; classtype:trojan-activity;sid:83391692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.255.89"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528588/; classtype:trojan-activity;sid:83391688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.3.70.102"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528589/; classtype:trojan-activity;sid:83391689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.255.29.122"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528587/; classtype:trojan-activity;sid:83391687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.89.54.47"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528586/; classtype:trojan-activity;sid:83391686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.25.230.195"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528585/; classtype:trojan-activity;sid:83391685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.125.183"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528584/; classtype:trojan-activity;sid:83391684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.123.224.59"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528583/; classtype:trojan-activity;sid:83391683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.210.155"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528581/; classtype:trojan-activity;sid:83391681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.170.66"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528582/; classtype:trojan-activity;sid:83391682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.80.76"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528580/; classtype:trojan-activity;sid:83391680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.212.161.26"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528579/; classtype:trojan-activity;sid:83391679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.184.62"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528577/; classtype:trojan-activity;sid:83391677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.165.87"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528578/; classtype:trojan-activity;sid:83391678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.119.162.175"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528576/; classtype:trojan-activity;sid:83391676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.210.146"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528575/; classtype:trojan-activity;sid:83391675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.207.167.13"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528574/; classtype:trojan-activity;sid:83391674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.121.171"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528572/; classtype:trojan-activity;sid:83391672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.93.83"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528573/; classtype:trojan-activity;sid:83391673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.160.235"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528571/; classtype:trojan-activity;sid:83391671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.24.187.145"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528570/; classtype:trojan-activity;sid:83391670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.208.157"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528569/; classtype:trojan-activity;sid:83391669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ait.php"; depth:8; endswith; nocase; http.host; content:"xcapitalindia.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528568/; classtype:trojan-activity;sid:83391668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.3.78"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528567/; classtype:trojan-activity;sid:83391667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.127.165.83"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528565/; classtype:trojan-activity;sid:83391665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.224.196.162"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528566/; classtype:trojan-activity;sid:83391666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.195.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528564/; classtype:trojan-activity;sid:83391664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.40.84.154"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528562/; classtype:trojan-activity;sid:83391662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.255.29.122"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528563/; classtype:trojan-activity;sid:83391663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.126.35"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528561/; classtype:trojan-activity;sid:83391661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.208.46"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528560/; classtype:trojan-activity;sid:83391660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.165.87"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528559/; classtype:trojan-activity;sid:83391659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.111.130.221"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528558/; classtype:trojan-activity;sid:83391658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buba/repa.exe"; depth:14; endswith; nocase; http.host; content:"193.233.20.3"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528557/; classtype:trojan-activity;sid:83391657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.10.225"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528556/; classtype:trojan-activity;sid:83391656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.237.125"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528555/; classtype:trojan-activity;sid:83391655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.152.7"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528553/; classtype:trojan-activity;sid:83391653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.129.115"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528554/; classtype:trojan-activity;sid:83391654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.213.101"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528552/; classtype:trojan-activity;sid:83391652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.91.58"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528551/; classtype:trojan-activity;sid:83391651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.230.148.137"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528550/; classtype:trojan-activity;sid:83391650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.82.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528549/; classtype:trojan-activity;sid:83391649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.38.145"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528548/; classtype:trojan-activity;sid:83391648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.231.101.252"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528547/; classtype:trojan-activity;sid:83391647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.104.43"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528546/; classtype:trojan-activity;sid:83391646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.240.79.228"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528545/; classtype:trojan-activity;sid:83391645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.129.208"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528544/; classtype:trojan-activity;sid:83391644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.13.135"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528543/; classtype:trojan-activity;sid:83391643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.10.174"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528542/; classtype:trojan-activity;sid:83391642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.26.90.146"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528541/; classtype:trojan-activity;sid:83391641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.154.34"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528540/; classtype:trojan-activity;sid:83391640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.50.10"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528539/; classtype:trojan-activity;sid:83391639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.237.125"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528538/; classtype:trojan-activity;sid:83391638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.252.217.36"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528537/; classtype:trojan-activity;sid:83391637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.89.211.39"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528536/; classtype:trojan-activity;sid:83391636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.79.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528535/; classtype:trojan-activity;sid:83391635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.208.46"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528534/; classtype:trojan-activity;sid:83391634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.140.212"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528533/; classtype:trojan-activity;sid:83391633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.76.229"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528532/; classtype:trojan-activity;sid:83391632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.154.140"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528531/; classtype:trojan-activity;sid:83391631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.0.43"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528530/; classtype:trojan-activity;sid:83391630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.171.70"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528528/; classtype:trojan-activity;sid:83391628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.213.185.83"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528529/; classtype:trojan-activity;sid:83391629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.22.50"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528527/; classtype:trojan-activity;sid:83391627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.45.36.189"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528526/; classtype:trojan-activity;sid:83391626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.120.169"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528525/; classtype:trojan-activity;sid:83391625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.60.191"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528523/; classtype:trojan-activity;sid:83391623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.186.196"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528524/; classtype:trojan-activity;sid:83391624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.94.76"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528522/; classtype:trojan-activity;sid:83391622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.221.124.55"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528521/; classtype:trojan-activity;sid:83391621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.116.32"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528520/; classtype:trojan-activity;sid:83391620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.114.180"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528519/; classtype:trojan-activity;sid:83391619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.251.11"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528518/; classtype:trojan-activity;sid:83391618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.119.216.122"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528517/; classtype:trojan-activity;sid:83391617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"82.151.125.162"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528516/; classtype:trojan-activity;sid:83391616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.14.219"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528515/; classtype:trojan-activity;sid:83391615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.79.148"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528514/; classtype:trojan-activity;sid:83391614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.243.108"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528513/; classtype:trojan-activity;sid:83391613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.45.93"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528512/; classtype:trojan-activity;sid:83391612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.10.60"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528511/; classtype:trojan-activity;sid:83391611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.0.43"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528510/; classtype:trojan-activity;sid:83391610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.161.176"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528509/; classtype:trojan-activity;sid:83391609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.140.212"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528508/; classtype:trojan-activity;sid:83391608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.248.55.34"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528507/; classtype:trojan-activity;sid:83391607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.208.247"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528506/; classtype:trojan-activity;sid:83391606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.243.108"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528505/; classtype:trojan-activity;sid:83391605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.10.60"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528504/; classtype:trojan-activity;sid:83391604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.152.102.46"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528503/; classtype:trojan-activity;sid:83391603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.107.62"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528502/; classtype:trojan-activity;sid:83391602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.208.247"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528501/; classtype:trojan-activity;sid:83391601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.94.76"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528500/; classtype:trojan-activity;sid:83391600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.214.94.164"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528499/; classtype:trojan-activity;sid:83391599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.48.168"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528498/; classtype:trojan-activity;sid:83391598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.41.20.131"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528497/; classtype:trojan-activity;sid:83391597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.39.107.252"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528496/; classtype:trojan-activity;sid:83391596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.229.67"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528495/; classtype:trojan-activity;sid:83391595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.88.119"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528493/; classtype:trojan-activity;sid:83391593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.92.171.2"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528494/; classtype:trojan-activity;sid:83391594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.106.98.27"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528492/; classtype:trojan-activity;sid:83391592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.17.113"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528490/; classtype:trojan-activity;sid:83391590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.216.5.90"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528491/; classtype:trojan-activity;sid:83391591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.32.199"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528489/; classtype:trojan-activity;sid:83391589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.50.10"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528488/; classtype:trojan-activity;sid:83391588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.61.167.35"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528487/; classtype:trojan-activity;sid:83391587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subscribeevent"; depth:15; endswith; nocase; http.host; content:"94786.signing.unitynotarypublic.com"; depth:35; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528486/; classtype:trojan-activity;sid:83391586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.195.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528485/; classtype:trojan-activity;sid:83391585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.122"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528484/; classtype:trojan-activity;sid:83391584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.82.164.179"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528483/; classtype:trojan-activity;sid:83391583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.197.217"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528482/; classtype:trojan-activity;sid:83391582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.180.227"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528481/; classtype:trojan-activity;sid:83391581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.241.224"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528480/; classtype:trojan-activity;sid:83391580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.162.119"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528479/; classtype:trojan-activity;sid:83391579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.20.121"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528478/; classtype:trojan-activity;sid:83391578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.15.55.36"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528477/; classtype:trojan-activity;sid:83391577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.114.166"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528476/; classtype:trojan-activity;sid:83391576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.214.94.164"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528475/; classtype:trojan-activity;sid:83391575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.126.35"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528474/; classtype:trojan-activity;sid:83391574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.107.62"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528472/; classtype:trojan-activity;sid:83391572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.85.96"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528473/; classtype:trojan-activity;sid:83391573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.213.4"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528471/; classtype:trojan-activity;sid:83391571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.152.102.46"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528470/; classtype:trojan-activity;sid:83391570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.99.39"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528468/; classtype:trojan-activity;sid:83391568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.45.9.243"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528469/; classtype:trojan-activity;sid:83391569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.112.194"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528467/; classtype:trojan-activity;sid:83391567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.38.146.226"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528465/; classtype:trojan-activity;sid:83391565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.249.30"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528466/; classtype:trojan-activity;sid:83391566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.65.99"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528463/; classtype:trojan-activity;sid:83391563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.225.90.4"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528464/; classtype:trojan-activity;sid:83391564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.222.218"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528462/; classtype:trojan-activity;sid:83391562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.176"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528461/; classtype:trojan-activity;sid:83391561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.194.163.139"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528460/; classtype:trojan-activity;sid:83391560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.76.241"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528459/; classtype:trojan-activity;sid:83391559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.98"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528458/; classtype:trojan-activity;sid:83391558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.112.246"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528457/; classtype:trojan-activity;sid:83391557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.222.232"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528455/; classtype:trojan-activity;sid:83391555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.8.70"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528456/; classtype:trojan-activity;sid:83391556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.14.107.52"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528454/; classtype:trojan-activity;sid:83391554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.156.167.150"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528453/; classtype:trojan-activity;sid:83391553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"106.111.102.116"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528451/; classtype:trojan-activity;sid:83391551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.178.45"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528452/; classtype:trojan-activity;sid:83391552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.120.98.141"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528450/; classtype:trojan-activity;sid:83391550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systems/tmp/chromesetup.exe"; depth:28; endswith; nocase; http.host; content:"nordic-food.ro"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528449/; classtype:trojan-activity;sid:83391549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.222.232"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528448/; classtype:trojan-activity;sid:83391548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.213.4"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528447/; classtype:trojan-activity;sid:83391547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.54.58.201"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528445/; classtype:trojan-activity;sid:83391545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.146.68"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528446/; classtype:trojan-activity;sid:83391546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.70.167.150"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528444/; classtype:trojan-activity;sid:83391544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.157.69.156"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528443/; classtype:trojan-activity;sid:83391543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.193.119.139"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528442/; classtype:trojan-activity;sid:83391542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.176"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528441/; classtype:trojan-activity;sid:83391541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.23.97"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528440/; classtype:trojan-activity;sid:83391540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.8.70"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528439/; classtype:trojan-activity;sid:83391539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.208.247"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528437/; classtype:trojan-activity;sid:83391537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.214.209.78"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528438/; classtype:trojan-activity;sid:83391538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.221.27"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528436/; classtype:trojan-activity;sid:83391536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.150.110"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528435/; classtype:trojan-activity;sid:83391535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.193.117.40"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528434/; classtype:trojan-activity;sid:83391534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.208.236.242"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528433/; classtype:trojan-activity;sid:83391533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.55.19.143"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528432/; classtype:trojan-activity;sid:83391532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subscribeevent"; depth:15; endswith; nocase; http.host; content:"f069f.signing.unitynotarypublic.com"; depth:35; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528431/; classtype:trojan-activity;sid:83391531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.114.57"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528430/; classtype:trojan-activity;sid:83391530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.85.157"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528429/; classtype:trojan-activity;sid:83391529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.250.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528428/; classtype:trojan-activity;sid:83391528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.6.252.131"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528427/; classtype:trojan-activity;sid:83391527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.170.30"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528426/; classtype:trojan-activity;sid:83391526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.116.107.10"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528425/; classtype:trojan-activity;sid:83391525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.130.200.174"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528424/; classtype:trojan-activity;sid:83391524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.160.44"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528423/; classtype:trojan-activity;sid:83391523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.194.175.173"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528422/; classtype:trojan-activity;sid:83391522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.223.90.77"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528421/; classtype:trojan-activity;sid:83391521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.135.179"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528420/; classtype:trojan-activity;sid:83391520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.92.160.224"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528419/; classtype:trojan-activity;sid:83391519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"80.200.36.50"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528418/; classtype:trojan-activity;sid:83391518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.69.80"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528417/; classtype:trojan-activity;sid:83391517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.37.57"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528416/; classtype:trojan-activity;sid:83391516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.189.94.223"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528415/; classtype:trojan-activity;sid:83391515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"120.57.218.24"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528413/; classtype:trojan-activity;sid:83391513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.9.221.5"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528414/; classtype:trojan-activity;sid:83391514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.249.223"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528412/; classtype:trojan-activity;sid:83391512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.33.61"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528411/; classtype:trojan-activity;sid:83391511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.250.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528410/; classtype:trojan-activity;sid:83391510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.177.249.120"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528409/; classtype:trojan-activity;sid:83391509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.85.157"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528408/; classtype:trojan-activity;sid:83391508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.230.217.101"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528407/; classtype:trojan-activity;sid:83391507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.88.217.32"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528406/; classtype:trojan-activity;sid:83391506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"49.74.36.85"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528404/; classtype:trojan-activity;sid:83391504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.226.78.27"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528405/; classtype:trojan-activity;sid:83391505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.255.29.113"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528403/; classtype:trojan-activity;sid:83391503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.197.25"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528402/; classtype:trojan-activity;sid:83391502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.156.212"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528401/; classtype:trojan-activity;sid:83391501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.216.16.68"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528400/; classtype:trojan-activity;sid:83391500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.53.237.157"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528399/; classtype:trojan-activity;sid:83391499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.136.92"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528398/; classtype:trojan-activity;sid:83391498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.88"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528397/; classtype:trojan-activity;sid:83391497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.81.145.111"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528396/; classtype:trojan-activity;sid:83391496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.40.145.158"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528394/; classtype:trojan-activity;sid:83391494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.30.53"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528395/; classtype:trojan-activity;sid:83391495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.212.164.106"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528392/; classtype:trojan-activity;sid:83391492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.47.90.156"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528393/; classtype:trojan-activity;sid:83391493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.243.243.251"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528391/; classtype:trojan-activity;sid:83391491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.231.90"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528390/; classtype:trojan-activity;sid:83391490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.31.175"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528389/; classtype:trojan-activity;sid:83391489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.25.160"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528388/; classtype:trojan-activity;sid:83391488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.155.239.237"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528386/; classtype:trojan-activity;sid:83391486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.91.62.92"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528387/; classtype:trojan-activity;sid:83391487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.201.199.122"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528385/; classtype:trojan-activity;sid:83391485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.165.148"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528384/; classtype:trojan-activity;sid:83391484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.91.106.195"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_03; reference:url, urlhaus.abuse.ch/url/2528383/; classtype:trojan-activity;sid:83391483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.99.135.6"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528382/; classtype:trojan-activity;sid:83391482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.3.176.102"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528381/; classtype:trojan-activity;sid:83391481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.241.92"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528380/; classtype:trojan-activity;sid:83391480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.216.16.68"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528379/; classtype:trojan-activity;sid:83391479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.209.62.170"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528378/; classtype:trojan-activity;sid:83391478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.232.2.22"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528377/; classtype:trojan-activity;sid:83391477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.215.86.198"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528375/; classtype:trojan-activity;sid:83391475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.93.82"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528376/; classtype:trojan-activity;sid:83391476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.22.35"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528374/; classtype:trojan-activity;sid:83391474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.243.173.155"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528373/; classtype:trojan-activity;sid:83391473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.131.142.180"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528372/; classtype:trojan-activity;sid:83391472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.160.87"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528371/; classtype:trojan-activity;sid:83391471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.31.175"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528370/; classtype:trojan-activity;sid:83391470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.44"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528369/; classtype:trojan-activity;sid:83391469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.91.220"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528368/; classtype:trojan-activity;sid:83391468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.45.118.135"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528367/; classtype:trojan-activity;sid:83391467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.209.26"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528365/; classtype:trojan-activity;sid:83391465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.0.158.67"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528366/; classtype:trojan-activity;sid:83391466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.243.243.251"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528364/; classtype:trojan-activity;sid:83391464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.63.80.43"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528362/; classtype:trojan-activity;sid:83391462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.253.155.8"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528363/; classtype:trojan-activity;sid:83391463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.163.6"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528361/; classtype:trojan-activity;sid:83391461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.217.80.221"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528360/; classtype:trojan-activity;sid:83391460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.153.6"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528359/; classtype:trojan-activity;sid:83391459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.51.226"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528358/; classtype:trojan-activity;sid:83391458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.252.175.140"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528357/; classtype:trojan-activity;sid:83391457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.241.92"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528356/; classtype:trojan-activity;sid:83391456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.251.18.157"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528355/; classtype:trojan-activity;sid:83391455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.182.151"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528353/; classtype:trojan-activity;sid:83391453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.118.143.125"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528354/; classtype:trojan-activity;sid:83391454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.162.213.90"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528352/; classtype:trojan-activity;sid:83391452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.13.81"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528350/; classtype:trojan-activity;sid:83391450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.54.99.32"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528351/; classtype:trojan-activity;sid:83391451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaqi.php"; depth:9; endswith; nocase; http.host; content:"zechap.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528349/; classtype:trojan-activity;sid:83391449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aoo.php"; depth:8; endswith; nocase; http.host; content:"zkteco.co.za"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528348/; classtype:trojan-activity;sid:83391448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.php"; depth:7; endswith; nocase; http.host; content:"zikof.com"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528346/; classtype:trojan-activity;sid:83391446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ndm.php"; depth:8; endswith; nocase; http.host; content:"ztk.cl"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528347/; classtype:trojan-activity;sid:83391447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.php"; depth:7; endswith; nocase; http.host; content:"znindia.in"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528345/; classtype:trojan-activity;sid:83391445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere.php"; depth:8; endswith; nocase; http.host; content:"waterionizer.ae"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528343/; classtype:trojan-activity;sid:83391443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rm.php"; depth:7; endswith; nocase; http.host; content:"zenith-cryptos.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528344/; classtype:trojan-activity;sid:83391444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qei.php"; depth:8; endswith; nocase; http.host; content:"zamelintservices.org"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528340/; classtype:trojan-activity;sid:83391440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spu.php"; depth:8; endswith; nocase; http.host; content:"saleinhome.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528341/; classtype:trojan-activity;sid:83391441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eien.php"; depth:9; endswith; nocase; http.host; content:"smepaisa.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528342/; classtype:trojan-activity;sid:83391442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee.php"; depth:7; endswith; nocase; http.host; content:"uppercutdxb.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528337/; classtype:trojan-activity;sid:83391437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eur.php"; depth:8; endswith; nocase; http.host; content:"zesheger.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528338/; classtype:trojan-activity;sid:83391438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei.php"; depth:7; endswith; nocase; http.host; content:"youtubevalley.org"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528339/; classtype:trojan-activity;sid:83391439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.13.29.65"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528336/; classtype:trojan-activity;sid:83391436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.153.33"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528335/; classtype:trojan-activity;sid:83391435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.222.174.108"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528334/; classtype:trojan-activity;sid:83391434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um.php"; depth:7; endswith; nocase; http.host; content:"showerfilters.ae"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528333/; classtype:trojan-activity;sid:83391433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lanl.php"; depth:9; endswith; nocase; http.host; content:"theunfoldtruth.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528332/; classtype:trojan-activity;sid:83391432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prs.php"; depth:8; endswith; nocase; http.host; content:"safefire.ro"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528331/; classtype:trojan-activity;sid:83391431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seea.php"; depth:9; endswith; nocase; http.host; content:"santorres.com.br"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528330/; classtype:trojan-activity;sid:83391430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tola.php"; depth:9; endswith; nocase; http.host; content:"thesocialnexus.net"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528329/; classtype:trojan-activity;sid:83391429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/im.php"; depth:7; endswith; nocase; http.host; content:"serveameal.kitchen"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528326/; classtype:trojan-activity;sid:83391426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eldo.php"; depth:9; endswith; nocase; http.host; content:"vimansameditation.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528327/; classtype:trojan-activity;sid:83391427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nil.php"; depth:8; endswith; nocase; http.host; content:"safeco-group.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528328/; classtype:trojan-activity;sid:83391428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euo.php"; depth:8; endswith; nocase; http.host; content:"thesquarelife.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528323/; classtype:trojan-activity;sid:83391423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timo.php"; depth:9; endswith; nocase; http.host; content:"thedevinedifference.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528324/; classtype:trojan-activity;sid:83391424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esit.php"; depth:9; endswith; nocase; http.host; content:"techquerysolution.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528325/; classtype:trojan-activity;sid:83391425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icaa.php"; depth:9; endswith; nocase; http.host; content:"valentybeauty.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528319/; classtype:trojan-activity;sid:83391419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic.php"; depth:7; endswith; nocase; http.host; content:"uppluck.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528320/; classtype:trojan-activity;sid:83391420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uoe.php"; depth:8; endswith; nocase; http.host; content:"shopgnepal.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528321/; classtype:trojan-activity;sid:83391421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iec.php"; depth:8; endswith; nocase; http.host; content:"testzentrum-buer.de"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528322/; classtype:trojan-activity;sid:83391422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xngr.php"; depth:9; endswith; nocase; http.host; content:"sportstheday.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528317/; classtype:trojan-activity;sid:83391417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tret.php"; depth:9; endswith; nocase; http.host; content:"shoppingplearn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528318/; classtype:trojan-activity;sid:83391418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puom.php"; depth:9; endswith; nocase; http.host; content:"signaturethaispa.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528314/; classtype:trojan-activity;sid:83391414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lp.php"; depth:7; endswith; nocase; http.host; content:"waterexpert.ae"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528315/; classtype:trojan-activity;sid:83391415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuq.php"; depth:8; endswith; nocase; http.host; content:"tiketgelang.id"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528316/; classtype:trojan-activity;sid:83391416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ms.php"; depth:7; endswith; nocase; http.host; content:"vtandassociates.net"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528312/; classtype:trojan-activity;sid:83391412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xetu.php"; depth:9; endswith; nocase; http.host; content:"thelaundrymat.net"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528313/; classtype:trojan-activity;sid:83391413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mams.php"; depth:9; endswith; nocase; http.host; content:"thisisfullcircle.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528310/; classtype:trojan-activity;sid:83391410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss.php"; depth:7; endswith; nocase; http.host; content:"swavy.co.uk"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528311/; classtype:trojan-activity;sid:83391411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtas.php"; depth:9; endswith; nocase; http.host; content:"sattasmatka143.mobi"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528308/; classtype:trojan-activity;sid:83391408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reae.php"; depth:9; endswith; nocase; http.host; content:"rofashina.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528309/; classtype:trojan-activity;sid:83391409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nex.php"; depth:8; endswith; nocase; http.host; content:"smartekng.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528304/; classtype:trojan-activity;sid:83391404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/il.php"; depth:7; endswith; nocase; http.host; content:"xsuit.me"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528305/; classtype:trojan-activity;sid:83391405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oxp.php"; depth:8; endswith; nocase; http.host; content:"wickedcharging.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528306/; classtype:trojan-activity;sid:83391406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruq.php"; depth:8; endswith; nocase; http.host; content:"watermakers.ae"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528307/; classtype:trojan-activity;sid:83391407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arue.php"; depth:9; endswith; nocase; http.host; content:"vivsoaps.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528302/; classtype:trojan-activity;sid:83391402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noi.php"; depth:8; endswith; nocase; http.host; content:"slimstatement.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528303/; classtype:trojan-activity;sid:83391403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uhu.php"; depth:8; endswith; nocase; http.host; content:"yazilimajansi.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528300/; classtype:trojan-activity;sid:83391400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epa.php"; depth:8; endswith; nocase; http.host; content:"ucbsummer.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528301/; classtype:trojan-activity;sid:83391401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu.php"; depth:7; endswith; nocase; http.host; content:"unitedenergies.us"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528296/; classtype:trojan-activity;sid:83391396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ans.php"; depth:8; endswith; nocase; http.host; content:"theparahita.org"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528297/; classtype:trojan-activity;sid:83391397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tanm.php"; depth:9; endswith; nocase; http.host; content:"sdjuara.my.id"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528298/; classtype:trojan-activity;sid:83391398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/po.php"; depth:7; endswith; nocase; http.host; content:"saif.id.au"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528299/; classtype:trojan-activity;sid:83391399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmi.php"; depth:8; endswith; nocase; http.host; content:"tolokajobs.org"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528291/; classtype:trojan-activity;sid:83391391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cxc.php"; depth:8; endswith; nocase; http.host; content:"wiseguysdigital.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528292/; classtype:trojan-activity;sid:83391392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiun.php"; depth:9; endswith; nocase; http.host; content:"robicon.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528293/; classtype:trojan-activity;sid:83391393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epu.php"; depth:8; endswith; nocase; http.host; content:"udari.org"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528294/; classtype:trojan-activity;sid:83391394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ht.php"; depth:7; endswith; nocase; http.host; content:"smkn1cipunagarasubang.id"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528295/; classtype:trojan-activity;sid:83391395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qo.php"; depth:7; endswith; nocase; http.host; content:"strongmanstructures.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528289/; classtype:trojan-activity;sid:83391389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss.php"; depth:7; endswith; nocase; http.host; content:"sandd.co.th"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528290/; classtype:trojan-activity;sid:83391390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ore.php"; depth:8; endswith; nocase; http.host; content:"waterfiltration.ae"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528286/; classtype:trojan-activity;sid:83391386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sio.php"; depth:8; endswith; nocase; http.host; content:"ygraphics.com.np"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528287/; classtype:trojan-activity;sid:83391387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed.php"; depth:7; endswith; nocase; http.host; content:"vidalokarp.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528288/; classtype:trojan-activity;sid:83391388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rei.php"; depth:8; endswith; nocase; http.host; content:"thebamboobabies.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528284/; classtype:trojan-activity;sid:83391384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qed.php"; depth:8; endswith; nocase; http.host; content:"sealinkcap.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528285/; classtype:trojan-activity;sid:83391385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsut.php"; depth:9; endswith; nocase; http.host; content:"thegayclub.live"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528282/; classtype:trojan-activity;sid:83391382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eddp.php"; depth:9; endswith; nocase; http.host; content:"trustreach.cfd"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528283/; classtype:trojan-activity;sid:83391383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtr.php"; depth:8; endswith; nocase; http.host; content:"saynotoalcohol.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528278/; classtype:trojan-activity;sid:83391378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctuc.php"; depth:9; endswith; nocase; http.host; content:"yama-es.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528279/; classtype:trojan-activity;sid:83391379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utlm.php"; depth:9; endswith; nocase; http.host; content:"whiterodsurfacing.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528280/; classtype:trojan-activity;sid:83391380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nneu.php"; depth:9; endswith; nocase; http.host; content:"waileylog.pk"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528281/; classtype:trojan-activity;sid:83391381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qdlo.php"; depth:9; endswith; nocase; http.host; content:"stem4girls.org"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528277/; classtype:trojan-activity;sid:83391377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi.php"; depth:7; endswith; nocase; http.host; content:"streannft.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528272/; classtype:trojan-activity;sid:83391372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io.php"; depth:7; endswith; nocase; http.host; content:"texnojob.az"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528273/; classtype:trojan-activity;sid:83391373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs.php"; depth:7; endswith; nocase; http.host; content:"salesoxigen.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528274/; classtype:trojan-activity;sid:83391374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axaq.php"; depth:9; endswith; nocase; http.host; content:"sattva.in"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528275/; classtype:trojan-activity;sid:83391375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/im.php"; depth:7; endswith; nocase; http.host; content:"wellnesshutt.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528276/; classtype:trojan-activity;sid:83391376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uns.php"; depth:8; endswith; nocase; http.host; content:"seoane.com.mx"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528271/; classtype:trojan-activity;sid:83391371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uoa.php"; depth:8; endswith; nocase; http.host; content:"wizmeek.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528269/; classtype:trojan-activity;sid:83391369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iton.php"; depth:9; endswith; nocase; http.host; content:"whytecleon.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528270/; classtype:trojan-activity;sid:83391370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el.php"; depth:7; endswith; nocase; http.host; content:"tunemingo.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528265/; classtype:trojan-activity;sid:83391365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idsi.php"; depth:9; endswith; nocase; http.host; content:"thegrowthsocial.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528266/; classtype:trojan-activity;sid:83391366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tid.php"; depth:8; endswith; nocase; http.host; content:"unioffshorexpc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528267/; classtype:trojan-activity;sid:83391367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leu.php"; depth:8; endswith; nocase; http.host; content:"wangarigithaiga.co.ke"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528268/; classtype:trojan-activity;sid:83391368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uat.php"; depth:8; endswith; nocase; http.host; content:"wmark.ca"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528263/; classtype:trojan-activity;sid:83391363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lua.php"; depth:8; endswith; nocase; http.host; content:"sdkspices.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528264/; classtype:trojan-activity;sid:83391364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rdb.php"; depth:8; endswith; nocase; http.host; content:"sicat.mx"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528260/; classtype:trojan-activity;sid:83391360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipr.php"; depth:8; endswith; nocase; http.host; content:"rubikcore.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528261/; classtype:trojan-activity;sid:83391361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/llce.php"; depth:9; endswith; nocase; http.host; content:"yilaatrainingcenter.org"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528262/; classtype:trojan-activity;sid:83391362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et.php"; depth:7; endswith; nocase; http.host; content:"venkypg.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528259/; classtype:trojan-activity;sid:83391359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leh.php"; depth:8; endswith; nocase; http.host; content:"securemart.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528254/; classtype:trojan-activity;sid:83391354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in.php"; depth:7; endswith; nocase; http.host; content:"vpsrajatalab.in"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528255/; classtype:trojan-activity;sid:83391355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pe.php"; depth:7; endswith; nocase; http.host; content:"test.cbm.cl"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528256/; classtype:trojan-activity;sid:83391356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mema.php"; depth:9; endswith; nocase; http.host; content:"toddgunterrestoration.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528257/; classtype:trojan-activity;sid:83391357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uec.php"; depth:8; endswith; nocase; http.host; content:"smartglassgcc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528258/; classtype:trojan-activity;sid:83391358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dei.php"; depth:8; endswith; nocase; http.host; content:"sucre296.pe"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528249/; classtype:trojan-activity;sid:83391349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uilp.php"; depth:9; endswith; nocase; http.host; content:"wibihi.co.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528250/; classtype:trojan-activity;sid:83391350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eui.php"; depth:8; endswith; nocase; http.host; content:"spiderorchid.co.za"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528251/; classtype:trojan-activity;sid:83391351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bs.php"; depth:7; endswith; nocase; http.host; content:"suichas.com.ar"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528252/; classtype:trojan-activity;sid:83391352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iu.php"; depth:7; endswith; nocase; http.host; content:"soardigital.net"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528253/; classtype:trojan-activity;sid:83391353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sv.php"; depth:7; endswith; nocase; http.host; content:"subbucrackers.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528246/; classtype:trojan-activity;sid:83391346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si.php"; depth:7; endswith; nocase; http.host; content:"terminalpayment.online"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528247/; classtype:trojan-activity;sid:83391347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iaou.php"; depth:9; endswith; nocase; http.host; content:"travelougee.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528248/; classtype:trojan-activity;sid:83391348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpd.php"; depth:8; endswith; nocase; http.host; content:"thinkbigdontdiepoor.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528245/; classtype:trojan-activity;sid:83391345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lar.php"; depth:8; endswith; nocase; http.host; content:"sirinatureroost.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528242/; classtype:trojan-activity;sid:83391342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eder.php"; depth:9; endswith; nocase; http.host; content:"sagirl.co.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528243/; classtype:trojan-activity;sid:83391343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou.php"; depth:7; endswith; nocase; http.host; content:"twinsnice.com.ng"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528244/; classtype:trojan-activity;sid:83391344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oqd.php"; depth:8; endswith; nocase; http.host; content:"splensa.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528241/; classtype:trojan-activity;sid:83391341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upti.php"; depth:9; endswith; nocase; http.host; content:"smkmaarif5gombong.sch.id"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528240/; classtype:trojan-activity;sid:83391340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/su.php"; depth:7; endswith; nocase; http.host; content:"teamshivkumar.in"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528238/; classtype:trojan-activity;sid:83391338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.php"; depth:7; endswith; nocase; http.host; content:"wchatbot.live"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528239/; classtype:trojan-activity;sid:83391339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ls.php"; depth:7; endswith; nocase; http.host; content:"shomol.net"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528234/; classtype:trojan-activity;sid:83391334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edst.php"; depth:9; endswith; nocase; http.host; content:"templatemaster.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528235/; classtype:trojan-activity;sid:83391335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dloi.php"; depth:9; endswith; nocase; http.host; content:"tonik.ma"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528236/; classtype:trojan-activity;sid:83391336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc.php"; depth:7; endswith; nocase; http.host; content:"wahidi.com.pk"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528237/; classtype:trojan-activity;sid:83391337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uei.php"; depth:8; endswith; nocase; http.host; content:"siraatequran.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528232/; classtype:trojan-activity;sid:83391332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crus.php"; depth:9; endswith; nocase; http.host; content:"robox.ai"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528233/; classtype:trojan-activity;sid:83391333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dq.php"; depth:7; endswith; nocase; http.host; content:"study-ground.org"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528230/; classtype:trojan-activity;sid:83391330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nts.php"; depth:8; endswith; nocase; http.host; content:"tizesutsofor.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528231/; classtype:trojan-activity;sid:83391331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hai.php"; depth:8; endswith; nocase; http.host; content:"shotokankarate.co.za"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528227/; classtype:trojan-activity;sid:83391327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tro.php"; depth:8; endswith; nocase; http.host; content:"tiszaors.hu"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528228/; classtype:trojan-activity;sid:83391328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pa.php"; depth:7; endswith; nocase; http.host; content:"sagaracoco.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528229/; classtype:trojan-activity;sid:83391329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meti.php"; depth:9; endswith; nocase; http.host; content:"thefragrancetrees.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528223/; classtype:trojan-activity;sid:83391323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau.php"; depth:8; endswith; nocase; http.host; content:"thegamestrap.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528224/; classtype:trojan-activity;sid:83391324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dle.php"; depth:8; endswith; nocase; http.host; content:"yasinshaikh.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528225/; classtype:trojan-activity;sid:83391325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sp.php"; depth:7; endswith; nocase; http.host; content:"sofdeva.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528226/; classtype:trojan-activity;sid:83391326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iqit.php"; depth:9; endswith; nocase; http.host; content:"updateinterior.net"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528221/; classtype:trojan-activity;sid:83391321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quo.php"; depth:8; endswith; nocase; http.host; content:"vendereimmobile.it"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528222/; classtype:trojan-activity;sid:83391322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivel.php"; depth:9; endswith; nocase; http.host; content:"tryphotelnyc.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528217/; classtype:trojan-activity;sid:83391317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtc.php"; depth:8; endswith; nocase; http.host; content:"simaslin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528218/; classtype:trojan-activity;sid:83391318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iisp.php"; depth:9; endswith; nocase; http.host; content:"rtpresep4d.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528219/; classtype:trojan-activity;sid:83391319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsuc.php"; depth:9; endswith; nocase; http.host; content:"rummygoldspro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528220/; classtype:trojan-activity;sid:83391320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ol.php"; depth:7; endswith; nocase; http.host; content:"thevillalobosgroup.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528214/; classtype:trojan-activity;sid:83391314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uae.php"; depth:8; endswith; nocase; http.host; content:"sabaricards.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528215/; classtype:trojan-activity;sid:83391315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/em.php"; depth:7; endswith; nocase; http.host; content:"voluntas.hu"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528216/; classtype:trojan-activity;sid:83391316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iqtt.php"; depth:9; endswith; nocase; http.host; content:"surevilleschools.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528213/; classtype:trojan-activity;sid:83391313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co.php"; depth:7; endswith; nocase; http.host; content:"tesolpodcast.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528212/; classtype:trojan-activity;sid:83391312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oteu.php"; depth:9; endswith; nocase; http.host; content:"shaktibedia.in"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528211/; classtype:trojan-activity;sid:83391311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dto.php"; depth:8; endswith; nocase; http.host; content:"shubharambh.homes"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528210/; classtype:trojan-activity;sid:83391310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tb.php"; depth:7; endswith; nocase; http.host; content:"sernoticia.com.do"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528207/; classtype:trojan-activity;sid:83391307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqpd.php"; depth:9; endswith; nocase; http.host; content:"sitp-inspektoratdemak.org"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528208/; classtype:trojan-activity;sid:83391308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur.php"; depth:7; endswith; nocase; http.host; content:"seguimiento.cbm.cl"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528209/; classtype:trojan-activity;sid:83391309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is.php"; depth:7; endswith; nocase; http.host; content:"upibiz.in"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528201/; classtype:trojan-activity;sid:83391301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltq.php"; depth:8; endswith; nocase; http.host; content:"smou-edu.net"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528202/; classtype:trojan-activity;sid:83391302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/so.php"; depth:7; endswith; nocase; http.host; content:"toklar.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528203/; classtype:trojan-activity;sid:83391303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inhc.php"; depth:9; endswith; nocase; http.host; content:"ultratec.com.pk"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528204/; classtype:trojan-activity;sid:83391304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nst.php"; depth:8; endswith; nocase; http.host; content:"sftwar.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528205/; classtype:trojan-activity;sid:83391305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isa.php"; depth:8; endswith; nocase; http.host; content:"sunnyeapen.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528206/; classtype:trojan-activity;sid:83391306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eo.php"; depth:7; endswith; nocase; http.host; content:"saisannidhiprojects.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528197/; classtype:trojan-activity;sid:83391297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nme.php"; depth:8; endswith; nocase; http.host; content:"topico-fruits.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528198/; classtype:trojan-activity;sid:83391298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp.php"; depth:7; endswith; nocase; http.host; content:"wikitechbn.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528199/; classtype:trojan-activity;sid:83391299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeul.php"; depth:9; endswith; nocase; http.host; content:"sephora-sa.store"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528200/; classtype:trojan-activity;sid:83391300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aem.php"; depth:8; endswith; nocase; http.host; content:"tourntourist.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528195/; classtype:trojan-activity;sid:83391295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu.php"; depth:7; endswith; nocase; http.host; content:"saura2.com.tr"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528196/; classtype:trojan-activity;sid:83391296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isu.php"; depth:8; endswith; nocase; http.host; content:"timactech.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528192/; classtype:trojan-activity;sid:83391292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nea.php"; depth:8; endswith; nocase; http.host; content:"schweetzsoftware.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528193/; classtype:trojan-activity;sid:83391293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liii.php"; depth:9; endswith; nocase; http.host; content:"wsnettech.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528194/; classtype:trojan-activity;sid:83391294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moa.php"; depth:8; endswith; nocase; http.host; content:"suru.solutions"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528187/; classtype:trojan-activity;sid:83391287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esno.php"; depth:9; endswith; nocase; http.host; content:"waxxnorwich.co.uk"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528188/; classtype:trojan-activity;sid:83391288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ii.php"; depth:7; endswith; nocase; http.host; content:"shivconstruction.co.in"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528189/; classtype:trojan-activity;sid:83391289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/motp.php"; depth:9; endswith; nocase; http.host; content:"sambrialbazar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528190/; classtype:trojan-activity;sid:83391290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ausq.php"; depth:9; endswith; nocase; http.host; content:"transgesa.pe"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528191/; classtype:trojan-activity;sid:83391291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it.php"; depth:7; endswith; nocase; http.host; content:"sosparatuvida.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528184/; classtype:trojan-activity;sid:83391284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oaqv.php"; depth:9; endswith; nocase; http.host; content:"stepuptech.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528185/; classtype:trojan-activity;sid:83391285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnu.php"; depth:8; endswith; nocase; http.host; content:"sahl-ex.af"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528186/; classtype:trojan-activity;sid:83391286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smi.php"; depth:8; endswith; nocase; http.host; content:"vtparking.bg"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528183/; classtype:trojan-activity;sid:83391283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ieu.php"; depth:8; endswith; nocase; http.host; content:"tutorialcodeplay.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528181/; classtype:trojan-activity;sid:83391281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vtri.php"; depth:9; endswith; nocase; http.host; content:"truecartons.in"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528182/; classtype:trojan-activity;sid:83391282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um.php"; depth:7; endswith; nocase; http.host; content:"we-animate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528178/; classtype:trojan-activity;sid:83391278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eou.php"; depth:8; endswith; nocase; http.host; content:"topvalleyreagents.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528179/; classtype:trojan-activity;sid:83391279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tee.php"; depth:8; endswith; nocase; http.host; content:"turnulcuceas.ro"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528180/; classtype:trojan-activity;sid:83391280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiai.php"; depth:9; endswith; nocase; http.host; content:"uberenergi.co.za"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528173/; classtype:trojan-activity;sid:83391273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee.php"; depth:7; endswith; nocase; http.host; content:"silulo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528174/; classtype:trojan-activity;sid:83391274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/let.php"; depth:8; endswith; nocase; http.host; content:"tripideas.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528175/; classtype:trojan-activity;sid:83391275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la.php"; depth:7; endswith; nocase; http.host; content:"saborsa.mx"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528176/; classtype:trojan-activity;sid:83391276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me.php"; depth:7; endswith; nocase; http.host; content:"streann.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528177/; classtype:trojan-activity;sid:83391277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uni.php"; depth:8; endswith; nocase; http.host; content:"tecnologiacontabledh.com.mx"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528170/; classtype:trojan-activity;sid:83391270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu.php"; depth:7; endswith; nocase; http.host; content:"topbos.me"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528171/; classtype:trojan-activity;sid:83391271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pel.php"; depth:8; endswith; nocase; http.host; content:"swarnanagrioldagehomes.com"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528172/; classtype:trojan-activity;sid:83391272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsie.php"; depth:9; endswith; nocase; http.host; content:"thewayfarers.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528164/; classtype:trojan-activity;sid:83391264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mu.php"; depth:7; endswith; nocase; http.host; content:"thewirespeed.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528165/; classtype:trojan-activity;sid:83391265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tigt.php"; depth:9; endswith; nocase; http.host; content:"royalpriesthooduk.org"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528166/; classtype:trojan-activity;sid:83391266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pter.php"; depth:9; endswith; nocase; http.host; content:"xm-abogados.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528167/; classtype:trojan-activity;sid:83391267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peu.php"; depth:8; endswith; nocase; http.host; content:"spancihaz.eu"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528168/; classtype:trojan-activity;sid:83391268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuar.php"; depth:9; endswith; nocase; http.host; content:"tob-it.net"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528169/; classtype:trojan-activity;sid:83391269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is.php"; depth:7; endswith; nocase; http.host; content:"uttaratheicon.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528161/; classtype:trojan-activity;sid:83391261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ir.php"; depth:7; endswith; nocase; http.host; content:"yashswinhealingfoundation.com"; depth:29; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528162/; classtype:trojan-activity;sid:83391262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uar.php"; depth:8; endswith; nocase; http.host; content:"xpertspestcontrol.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528163/; classtype:trojan-activity;sid:83391263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeqs.php"; depth:9; endswith; nocase; http.host; content:"saint-ish.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528159/; classtype:trojan-activity;sid:83391259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nns.php"; depth:8; endswith; nocase; http.host; content:"theaffordables.store"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528160/; classtype:trojan-activity;sid:83391260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dii.php"; depth:8; endswith; nocase; http.host; content:"uhg-sd.org"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528157/; classtype:trojan-activity;sid:83391257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eql.php"; depth:8; endswith; nocase; http.host; content:"sportswatchonline.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528158/; classtype:trojan-activity;sid:83391258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lun.php"; depth:8; endswith; nocase; http.host; content:"starglobalcapital.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528154/; classtype:trojan-activity;sid:83391254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teis.php"; depth:9; endswith; nocase; http.host; content:"schoutenkartoplan.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528155/; classtype:trojan-activity;sid:83391255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eru.php"; depth:8; endswith; nocase; http.host; content:"tinynewbig.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528156/; classtype:trojan-activity;sid:83391256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sus.php"; depth:8; endswith; nocase; http.host; content:"watch-4k-moviez.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528152/; classtype:trojan-activity;sid:83391252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tlmn.php"; depth:9; endswith; nocase; http.host; content:"social.law"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528153/; classtype:trojan-activity;sid:83391253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tin.php"; depth:8; endswith; nocase; http.host; content:"shangai.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528150/; classtype:trojan-activity;sid:83391250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs.php"; depth:7; endswith; nocase; http.host; content:"solovision.net"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528151/; classtype:trojan-activity;sid:83391251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dgo.php"; depth:8; endswith; nocase; http.host; content:"siconmym.org"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528147/; classtype:trojan-activity;sid:83391247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmei.php"; depth:9; endswith; nocase; http.host; content:"theviralkingdom.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528148/; classtype:trojan-activity;sid:83391248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ice.php"; depth:8; endswith; nocase; http.host; content:"sheplus.org"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528149/; classtype:trojan-activity;sid:83391249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncsu.php"; depth:9; endswith; nocase; http.host; content:"thehavenplace.co.uk"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528145/; classtype:trojan-activity;sid:83391245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ito.php"; depth:8; endswith; nocase; http.host; content:"snarfoly.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528146/; classtype:trojan-activity;sid:83391246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tds.php"; depth:8; endswith; nocase; http.host; content:"videladiputado.cl"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528139/; classtype:trojan-activity;sid:83391239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imso.php"; depth:9; endswith; nocase; http.host; content:"vsbngroup.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528140/; classtype:trojan-activity;sid:83391240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pu.php"; depth:7; endswith; nocase; http.host; content:"samiratraveljuara.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528141/; classtype:trojan-activity;sid:83391241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lis.php"; depth:8; endswith; nocase; http.host; content:"steoteam.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528142/; classtype:trojan-activity;sid:83391242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eso.php"; depth:8; endswith; nocase; http.host; content:"saku99.info"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528143/; classtype:trojan-activity;sid:83391243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abau.php"; depth:9; endswith; nocase; http.host; content:"sasbtopup.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528144/; classtype:trojan-activity;sid:83391244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aouu.php"; depth:9; endswith; nocase; http.host; content:"smmexpertup.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528137/; classtype:trojan-activity;sid:83391237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae.php"; depth:7; endswith; nocase; http.host; content:"spectrominers.ltd"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528138/; classtype:trojan-activity;sid:83391238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.24.188.204"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528134/; classtype:trojan-activity;sid:83391234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eett.php"; depth:9; endswith; nocase; http.host; content:"tinkuindustries.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528135/; classtype:trojan-activity;sid:83391235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oes.php"; depth:8; endswith; nocase; http.host; content:"xquisitemodels.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528136/; classtype:trojan-activity;sid:83391236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cap.php"; depth:8; endswith; nocase; http.host; content:"testzentrum.re"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528132/; classtype:trojan-activity;sid:83391232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ems.php"; depth:8; endswith; nocase; http.host; content:"video.jba.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528133/; classtype:trojan-activity;sid:83391233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuq.php"; depth:8; endswith; nocase; http.host; content:"stephenrelief.org"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528128/; classtype:trojan-activity;sid:83391228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm.php"; depth:7; endswith; nocase; http.host; content:"sagunfilms.com.np"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528129/; classtype:trojan-activity;sid:83391229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm.php"; depth:7; endswith; nocase; http.host; content:"seventhup.ml"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528130/; classtype:trojan-activity;sid:83391230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brea.php"; depth:9; endswith; nocase; http.host; content:"swansengineers.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528131/; classtype:trojan-activity;sid:83391231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me.php"; depth:7; endswith; nocase; http.host; content:"wazo.ng"; depth:7; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528127/; classtype:trojan-activity;sid:83391227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee.php"; depth:7; endswith; nocase; http.host; content:"savitaenterprises.co.in"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528123/; classtype:trojan-activity;sid:83391223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ao.php"; depth:7; endswith; nocase; http.host; content:"tennisballmachinehire.co.nz"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528124/; classtype:trojan-activity;sid:83391224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu.php"; depth:7; endswith; nocase; http.host; content:"sxdigital.mx"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528125/; classtype:trojan-activity;sid:83391225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ii.php"; depth:7; endswith; nocase; http.host; content:"tsiwholsalers.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528126/; classtype:trojan-activity;sid:83391226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qut.php"; depth:8; endswith; nocase; http.host; content:"synergyhealthmanagement.com"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528120/; classtype:trojan-activity;sid:83391220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soie.php"; depth:9; endswith; nocase; http.host; content:"sveinfo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528121/; classtype:trojan-activity;sid:83391221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaas.php"; depth:9; endswith; nocase; http.host; content:"tagpakistan.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528122/; classtype:trojan-activity;sid:83391222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ut.php"; depth:7; endswith; nocase; http.host; content:"samnbill.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528118/; classtype:trojan-activity;sid:83391218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dee.php"; depth:8; endswith; nocase; http.host; content:"waterfiltersuae.ae"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528119/; classtype:trojan-activity;sid:83391219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dfu.php"; depth:8; endswith; nocase; http.host; content:"rtpsemanggitoto.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528116/; classtype:trojan-activity;sid:83391216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ru.php"; depth:7; endswith; nocase; http.host; content:"vatsayanfoundation.org"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528117/; classtype:trojan-activity;sid:83391217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etu.php"; depth:8; endswith; nocase; http.host; content:"santecomplete.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528112/; classtype:trojan-activity;sid:83391212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aot.php"; depth:8; endswith; nocase; http.host; content:"secci.com.mx"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528113/; classtype:trojan-activity;sid:83391213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftau.php"; depth:9; endswith; nocase; http.host; content:"wanderlust.services"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528114/; classtype:trojan-activity;sid:83391214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbde.php"; depth:9; endswith; nocase; http.host; content:"smartconsulting.co.th"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528115/; classtype:trojan-activity;sid:83391215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmdt.php"; depth:9; endswith; nocase; http.host; content:"thezoneit.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528109/; classtype:trojan-activity;sid:83391209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uias.php"; depth:9; endswith; nocase; http.host; content:"saven.mx"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528110/; classtype:trojan-activity;sid:83391210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rusn.php"; depth:9; endswith; nocase; http.host; content:"sjp-grom.hr"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528111/; classtype:trojan-activity;sid:83391211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp.php"; depth:7; endswith; nocase; http.host; content:"solutionxp.com.au"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528105/; classtype:trojan-activity;sid:83391205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qda.php"; depth:8; endswith; nocase; http.host; content:"sterys.co.id"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528106/; classtype:trojan-activity;sid:83391206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ete.php"; depth:8; endswith; nocase; http.host; content:"rohanicenter.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528107/; classtype:trojan-activity;sid:83391207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iir.php"; depth:8; endswith; nocase; http.host; content:"trysewa.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528108/; classtype:trojan-activity;sid:83391208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mo.php"; depth:7; endswith; nocase; http.host; content:"sweepvip.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528099/; classtype:trojan-activity;sid:83391199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiqu.php"; depth:9; endswith; nocase; http.host; content:"trymigo.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528100/; classtype:trojan-activity;sid:83391200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mu.php"; depth:7; endswith; nocase; http.host; content:"spsa.adv.br"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528101/; classtype:trojan-activity;sid:83391201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anen.php"; depth:9; endswith; nocase; http.host; content:"saistarschool.in"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528102/; classtype:trojan-activity;sid:83391202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aios.php"; depth:9; endswith; nocase; http.host; content:"vaoskates.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528103/; classtype:trojan-activity;sid:83391203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pa.php"; depth:7; endswith; nocase; http.host; content:"saicoelehra.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528104/; classtype:trojan-activity;sid:83391204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msc.php"; depth:8; endswith; nocase; http.host; content:"szaboagrar.hu"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528097/; classtype:trojan-activity;sid:83391197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si.php"; depth:7; endswith; nocase; http.host; content:"ssaa.me"; depth:7; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528098/; classtype:trojan-activity;sid:83391198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cmsi.php"; depth:9; endswith; nocase; http.host; content:"silocloms.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528096/; classtype:trojan-activity;sid:83391196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auqe.php"; depth:9; endswith; nocase; http.host; content:"tonnywriters.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528094/; classtype:trojan-activity;sid:83391194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lme.php"; depth:8; endswith; nocase; http.host; content:"src.org.zw"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528095/; classtype:trojan-activity;sid:83391195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asl.php"; depth:8; endswith; nocase; http.host; content:"studiodentisticobina.it"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528086/; classtype:trojan-activity;sid:83391186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mi.php"; depth:7; endswith; nocase; http.host; content:"worldofsmokenvape.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528087/; classtype:trojan-activity;sid:83391187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uttu.php"; depth:9; endswith; nocase; http.host; content:"star-resourcesacademy.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528088/; classtype:trojan-activity;sid:83391188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec.php"; depth:7; endswith; nocase; http.host; content:"thetrue.in"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528089/; classtype:trojan-activity;sid:83391189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rc.php"; depth:7; endswith; nocase; http.host; content:"wearne.co.za"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528090/; classtype:trojan-activity;sid:83391190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc.php"; depth:7; endswith; nocase; http.host; content:"whiteweb.site"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528091/; classtype:trojan-activity;sid:83391191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cm.php"; depth:7; endswith; nocase; http.host; content:"whybuyitnow.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528092/; classtype:trojan-activity;sid:83391192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qa.php"; depth:7; endswith; nocase; http.host; content:"turismoastorga.es"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528093/; classtype:trojan-activity;sid:83391193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lnt.php"; depth:8; endswith; nocase; http.host; content:"whitelandcorp.co.in"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528085/; classtype:trojan-activity;sid:83391185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me.php"; depth:7; endswith; nocase; http.host; content:"proosit.eu"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528084/; classtype:trojan-activity;sid:83391184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aoup.php"; depth:9; endswith; nocase; http.host; content:"printawallpaper.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528083/; classtype:trojan-activity;sid:83391183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd.php"; depth:7; endswith; nocase; http.host; content:"omegapowerus.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528082/; classtype:trojan-activity;sid:83391182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abu.php"; depth:8; endswith; nocase; http.host; content:"nohungtesting.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528081/; classtype:trojan-activity;sid:83391181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mniu.php"; depth:9; endswith; nocase; http.host; content:"megashoes.mx"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528080/; classtype:trojan-activity;sid:83391180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et.php"; depth:7; endswith; nocase; http.host; content:"ritikanarula.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528074/; classtype:trojan-activity;sid:83391174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euve.php"; depth:9; endswith; nocase; http.host; content:"newsroomspecial.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528075/; classtype:trojan-activity;sid:83391175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uus.php"; depth:8; endswith; nocase; http.host; content:"nexuscards.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528076/; classtype:trojan-activity;sid:83391176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr.php"; depth:7; endswith; nocase; http.host; content:"postalhub24.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528077/; classtype:trojan-activity;sid:83391177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xate.php"; depth:9; endswith; nocase; http.host; content:"rgbofficial.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528078/; classtype:trojan-activity;sid:83391178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps.php"; depth:7; endswith; nocase; http.host; content:"khansouq.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528079/; classtype:trojan-activity;sid:83391179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iai.php"; depth:8; endswith; nocase; http.host; content:"laith.skin"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528071/; classtype:trojan-activity;sid:83391171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ens.php"; depth:8; endswith; nocase; http.host; content:"onespect.in"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528072/; classtype:trojan-activity;sid:83391172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ven.php"; depth:8; endswith; nocase; http.host; content:"jandjtowing.com.au"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528073/; classtype:trojan-activity;sid:83391173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le.php"; depth:7; endswith; nocase; http.host; content:"jeshtarithfoundation.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528068/; classtype:trojan-activity;sid:83391168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/at.php"; depth:7; endswith; nocase; http.host; content:"mibodadigital.com.mx"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528069/; classtype:trojan-activity;sid:83391169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne.php"; depth:7; endswith; nocase; http.host; content:"myonlinetechnology.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528070/; classtype:trojan-activity;sid:83391170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tc.php"; depth:7; endswith; nocase; http.host; content:"portoepi.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528067/; classtype:trojan-activity;sid:83391167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/td.php"; depth:7; endswith; nocase; http.host; content:"ndttrainingcoimbatore.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528063/; classtype:trojan-activity;sid:83391163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aq.php"; depth:7; endswith; nocase; http.host; content:"rakart.co.il"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528064/; classtype:trojan-activity;sid:83391164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ev.php"; depth:7; endswith; nocase; http.host; content:"newengineeringjournal.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528065/; classtype:trojan-activity;sid:83391165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ium.php"; depth:8; endswith; nocase; http.host; content:"ritafreshfood.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528066/; classtype:trojan-activity;sid:83391166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ubn.php"; depth:8; endswith; nocase; http.host; content:"redimidosiglesia.org"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528059/; classtype:trojan-activity;sid:83391159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teee.php"; depth:9; endswith; nocase; http.host; content:"proconsumidor.gob.do"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528060/; classtype:trojan-activity;sid:83391160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qi.php"; depth:7; endswith; nocase; http.host; content:"northfieldbn.online"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528061/; classtype:trojan-activity;sid:83391161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uaru.php"; depth:9; endswith; nocase; http.host; content:"returnbeez.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528062/; classtype:trojan-activity;sid:83391162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee.php"; depth:7; endswith; nocase; http.host; content:"qsolconsulting.net"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528057/; classtype:trojan-activity;sid:83391157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aimn.php"; depth:9; endswith; nocase; http.host; content:"mokarabia.co.uk"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528058/; classtype:trojan-activity;sid:83391158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed.php"; depth:7; endswith; nocase; http.host; content:"rcfaai.org"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528054/; classtype:trojan-activity;sid:83391154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eold.php"; depth:9; endswith; nocase; http.host; content:"oliverservice.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528055/; classtype:trojan-activity;sid:83391155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esre.php"; depth:9; endswith; nocase; http.host; content:"muath.shop"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528056/; classtype:trojan-activity;sid:83391156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ao.php"; depth:7; endswith; nocase; http.host; content:"pensburylaw.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528053/; classtype:trojan-activity;sid:83391153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reet.php"; depth:9; endswith; nocase; http.host; content:"preciousgatetech.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528050/; classtype:trojan-activity;sid:83391150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpi.php"; depth:8; endswith; nocase; http.host; content:"orcinus.pt"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528051/; classtype:trojan-activity;sid:83391151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sirt.php"; depth:9; endswith; nocase; http.host; content:"parkavanmatrimony.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528052/; classtype:trojan-activity;sid:83391152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elnm.php"; depth:9; endswith; nocase; http.host; content:"moroccotraveltime.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528046/; classtype:trojan-activity;sid:83391146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nr.php"; depth:7; endswith; nocase; http.host; content:"multiteknindo.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528047/; classtype:trojan-activity;sid:83391147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo.php"; depth:7; endswith; nocase; http.host; content:"realestatesalesuccess.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528048/; classtype:trojan-activity;sid:83391148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tips.php"; depth:9; endswith; nocase; http.host; content:"mcnerchowk.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528049/; classtype:trojan-activity;sid:83391149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ian.php"; depth:8; endswith; nocase; http.host; content:"publicidad-banquetes.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528043/; classtype:trojan-activity;sid:83391143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrlm.php"; depth:9; endswith; nocase; http.host; content:"musicaitaliana.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528044/; classtype:trojan-activity;sid:83391144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esu.php"; depth:8; endswith; nocase; http.host; content:"muhamediherbalremedies.co.ke"; depth:28; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528045/; classtype:trojan-activity;sid:83391145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muql.php"; depth:9; endswith; nocase; http.host; content:"ppibeast.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528040/; classtype:trojan-activity;sid:83391140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uemu.php"; depth:9; endswith; nocase; http.host; content:"omra-hajj.ma"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528041/; classtype:trojan-activity;sid:83391141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cea.php"; depth:8; endswith; nocase; http.host; content:"mtsitemayang.sch.id"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528042/; classtype:trojan-activity;sid:83391142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei.php"; depth:7; endswith; nocase; http.host; content:"marrakech-city-breaks.net"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528037/; classtype:trojan-activity;sid:83391137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sei.php"; depth:8; endswith; nocase; http.host; content:"mahadiofficial.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528038/; classtype:trojan-activity;sid:83391138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrn.php"; depth:8; endswith; nocase; http.host; content:"ramirezperezabogados.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528039/; classtype:trojan-activity;sid:83391139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bm.php"; depth:7; endswith; nocase; http.host; content:"riteherbs.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528033/; classtype:trojan-activity;sid:83391133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gau.php"; depth:8; endswith; nocase; http.host; content:"logicmov.link"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528034/; classtype:trojan-activity;sid:83391134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fo.php"; depth:7; endswith; nocase; http.host; content:"optimaplus.site"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528035/; classtype:trojan-activity;sid:83391135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro.php"; depth:7; endswith; nocase; http.host; content:"manrav.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528036/; classtype:trojan-activity;sid:83391136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eifa.php"; depth:9; endswith; nocase; http.host; content:"mysme.my"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528032/; classtype:trojan-activity;sid:83391132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae.php"; depth:7; endswith; nocase; http.host; content:"lafuncion.mx"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528025/; classtype:trojan-activity;sid:83391125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqs.php"; depth:8; endswith; nocase; http.host; content:"rgssoftwaresolution.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528026/; classtype:trojan-activity;sid:83391126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/es.php"; depth:7; endswith; nocase; http.host; content:"loyalmainecooncattery.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528027/; classtype:trojan-activity;sid:83391127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nni.php"; depth:8; endswith; nocase; http.host; content:"mrmmermer.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528028/; classtype:trojan-activity;sid:83391128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqu.php"; depth:8; endswith; nocase; http.host; content:"macro.co.id"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528029/; classtype:trojan-activity;sid:83391129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/st.php"; depth:7; endswith; nocase; http.host; content:"onlinefitnessboost.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528030/; classtype:trojan-activity;sid:83391130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntl.php"; depth:8; endswith; nocase; http.host; content:"majdoleen-jewellery.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528031/; classtype:trojan-activity;sid:83391131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iapl.php"; depth:9; endswith; nocase; http.host; content:"massachusettsseo.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528024/; classtype:trojan-activity;sid:83391124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aert.php"; depth:9; endswith; nocase; http.host; content:"jgs.fyi"; depth:7; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528022/; classtype:trojan-activity;sid:83391122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cin.php"; depth:8; endswith; nocase; http.host; content:"queen-fashion.co"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528023/; classtype:trojan-activity;sid:83391123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmr.php"; depth:8; endswith; nocase; http.host; content:"jaybalajirotoplast.co.in"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528019/; classtype:trojan-activity;sid:83391119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pu.php"; depth:7; endswith; nocase; http.host; content:"mysticlife.online"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528020/; classtype:trojan-activity;sid:83391120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eihv.php"; depth:9; endswith; nocase; http.host; content:"memberowls.io"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528021/; classtype:trojan-activity;sid:83391121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xidt.php"; depth:9; endswith; nocase; http.host; content:"networkstore.id"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528016/; classtype:trojan-activity;sid:83391116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/au.php"; depth:7; endswith; nocase; http.host; content:"pcdl4kids.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528017/; classtype:trojan-activity;sid:83391117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeu.php"; depth:8; endswith; nocase; http.host; content:"marboconinc.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528018/; classtype:trojan-activity;sid:83391118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pes.php"; depth:8; endswith; nocase; http.host; content:"posnonti.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528012/; classtype:trojan-activity;sid:83391112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eu.php"; depth:7; endswith; nocase; http.host; content:"rashidaltamimi.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528013/; classtype:trojan-activity;sid:83391113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as.php"; depth:7; endswith; nocase; http.host; content:"ktbirs.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528014/; classtype:trojan-activity;sid:83391114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tan.php"; depth:8; endswith; nocase; http.host; content:"lexpremier.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528015/; classtype:trojan-activity;sid:83391115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ced.php"; depth:8; endswith; nocase; http.host; content:"minspartyhire.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528007/; classtype:trojan-activity;sid:83391107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tume.php"; depth:9; endswith; nocase; http.host; content:"mjasphaltpavingmn.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528008/; classtype:trojan-activity;sid:83391108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts.php"; depth:7; endswith; nocase; http.host; content:"rfqtend.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528009/; classtype:trojan-activity;sid:83391109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pse.php"; depth:8; endswith; nocase; http.host; content:"parasautorickshaw.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528010/; classtype:trojan-activity;sid:83391110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie.php"; depth:7; endswith; nocase; http.host; content:"moroccotravelconnection.com"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528011/; classtype:trojan-activity;sid:83391111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cirr.php"; depth:9; endswith; nocase; http.host; content:"muyisphere.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528006/; classtype:trojan-activity;sid:83391106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di.php"; depth:7; endswith; nocase; http.host; content:"lobanov-design.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528004/; classtype:trojan-activity;sid:83391104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is.php"; depth:7; endswith; nocase; http.host; content:"jupitercanvas.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528005/; classtype:trojan-activity;sid:83391105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tene.php"; depth:9; endswith; nocase; http.host; content:"kryedent.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528000/; classtype:trojan-activity;sid:83391100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idp.php"; depth:8; endswith; nocase; http.host; content:"newagedigitalzk.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528001/; classtype:trojan-activity;sid:83391101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riqe.php"; depth:9; endswith; nocase; http.host; content:"koksoftec.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528002/; classtype:trojan-activity;sid:83391102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2528003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfa.php"; depth:8; endswith; nocase; http.host; content:"pawa2u.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2528003/; classtype:trojan-activity;sid:83391103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mbts.php"; depth:9; endswith; nocase; http.host; content:"outdoorawaits.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527997/; classtype:trojan-activity;sid:83391097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tct.php"; depth:8; endswith; nocase; http.host; content:"maishahba.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527998/; classtype:trojan-activity;sid:83391098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvne.php"; depth:9; endswith; nocase; http.host; content:"medisoups.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527999/; classtype:trojan-activity;sid:83391099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed.php"; depth:7; endswith; nocase; http.host; content:"propagate.business"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527995/; classtype:trojan-activity;sid:83391095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am.php"; depth:7; endswith; nocase; http.host; content:"mtiba.info"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527996/; classtype:trojan-activity;sid:83391096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te.php"; depth:7; endswith; nocase; http.host; content:"mytrip.ng"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527994/; classtype:trojan-activity;sid:83391094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ieh.php"; depth:8; endswith; nocase; http.host; content:"pea1129.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527993/; classtype:trojan-activity;sid:83391093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nre.php"; depth:8; endswith; nocase; http.host; content:"oksep.vn"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527992/; classtype:trojan-activity;sid:83391092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau.php"; depth:8; endswith; nocase; http.host; content:"polipro.lt"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527988/; classtype:trojan-activity;sid:83391088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pus.php"; depth:8; endswith; nocase; http.host; content:"megachargerz.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527989/; classtype:trojan-activity;sid:83391089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuq.php"; depth:8; endswith; nocase; http.host; content:"jadsenerytrading.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527990/; classtype:trojan-activity;sid:83391090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nun.php"; depth:8; endswith; nocase; http.host; content:"rcnauchi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527991/; classtype:trojan-activity;sid:83391091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuq.php"; depth:8; endswith; nocase; http.host; content:"medspaserenity.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527985/; classtype:trojan-activity;sid:83391085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qe.php"; depth:7; endswith; nocase; http.host; content:"prayojan.net"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527986/; classtype:trojan-activity;sid:83391086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aam.php"; depth:8; endswith; nocase; http.host; content:"kasim.guru"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527987/; classtype:trojan-activity;sid:83391087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ll.php"; depth:7; endswith; nocase; http.host; content:"payzoidtech.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527983/; classtype:trojan-activity;sid:83391083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sto.php"; depth:8; endswith; nocase; http.host; content:"kadan.one"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527984/; classtype:trojan-activity;sid:83391084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utic.php"; depth:9; endswith; nocase; http.host; content:"mysite.com.ng"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527979/; classtype:trojan-activity;sid:83391079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pi.php"; depth:7; endswith; nocase; http.host; content:"ogbongereporter.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527980/; classtype:trojan-activity;sid:83391080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qa.php"; depth:7; endswith; nocase; http.host; content:"rebeccaguffey.com.ng"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527981/; classtype:trojan-activity;sid:83391081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uuot.php"; depth:9; endswith; nocase; http.host; content:"mosibinaebisolicitors.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527982/; classtype:trojan-activity;sid:83391082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/este.php"; depth:9; endswith; nocase; http.host; content:"outreach.digital"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527976/; classtype:trojan-activity;sid:83391076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp.php"; depth:7; endswith; nocase; http.host; content:"krismaartstore.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527977/; classtype:trojan-activity;sid:83391077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eq.php"; depth:7; endswith; nocase; http.host; content:"mesptitescrea.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527978/; classtype:trojan-activity;sid:83391078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xs.php"; depth:7; endswith; nocase; http.host; content:"jorgefernandezh.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527972/; classtype:trojan-activity;sid:83391072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io.php"; depth:7; endswith; nocase; http.host; content:"janjigacor.host"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527973/; classtype:trojan-activity;sid:83391073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq.php"; depth:7; endswith; nocase; http.host; content:"mustaffisl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527974/; classtype:trojan-activity;sid:83391074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nqus.php"; depth:9; endswith; nocase; http.host; content:"kerja.id"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527975/; classtype:trojan-activity;sid:83391075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttv.php"; depth:8; endswith; nocase; http.host; content:"ramfoods.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527968/; classtype:trojan-activity;sid:83391068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imi.php"; depth:8; endswith; nocase; http.host; content:"loopcoders.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527969/; classtype:trojan-activity;sid:83391069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss.php"; depth:7; endswith; nocase; http.host; content:"pxgamez.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527970/; classtype:trojan-activity;sid:83391070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uaai.php"; depth:9; endswith; nocase; http.host; content:"mrcarz.co.in"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527971/; classtype:trojan-activity;sid:83391071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dim.php"; depth:8; endswith; nocase; http.host; content:"odds4life.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527963/; classtype:trojan-activity;sid:83391063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afua.php"; depth:9; endswith; nocase; http.host; content:"lasarteslima.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527964/; classtype:trojan-activity;sid:83391064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qeus.php"; depth:9; endswith; nocase; http.host; content:"pakhyoils.pk"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527965/; classtype:trojan-activity;sid:83391065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ofi.php"; depth:8; endswith; nocase; http.host; content:"ludotecaempresarial.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527966/; classtype:trojan-activity;sid:83391066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rab.php"; depth:8; endswith; nocase; http.host; content:"prodesignsstudio.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527967/; classtype:trojan-activity;sid:83391067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vpla.php"; depth:9; endswith; nocase; http.host; content:"mohmayatravels.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527958/; classtype:trojan-activity;sid:83391058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeat.php"; depth:9; endswith; nocase; http.host; content:"master-bucks.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527959/; classtype:trojan-activity;sid:83391059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aman.php"; depth:9; endswith; nocase; http.host; content:"liodon.one"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527960/; classtype:trojan-activity;sid:83391060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al.php"; depth:7; endswith; nocase; http.host; content:"reachoutsms.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527961/; classtype:trojan-activity;sid:83391061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sif.php"; depth:8; endswith; nocase; http.host; content:"moretressessalon.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527962/; classtype:trojan-activity;sid:83391062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn.php"; depth:7; endswith; nocase; http.host; content:"merafarmhouse.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527955/; classtype:trojan-activity;sid:83391055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeoe.php"; depth:9; endswith; nocase; http.host; content:"pjgoodwin.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527956/; classtype:trojan-activity;sid:83391056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upi.php"; depth:8; endswith; nocase; http.host; content:"mmtalks.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527957/; classtype:trojan-activity;sid:83391057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei.php"; depth:7; endswith; nocase; http.host; content:"lumea-strumfilor.ro"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527954/; classtype:trojan-activity;sid:83391054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqts.php"; depth:9; endswith; nocase; http.host; content:"mishra-enterprises.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527950/; classtype:trojan-activity;sid:83391050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu.php"; depth:7; endswith; nocase; http.host; content:"oomapas-santiago.gob.mx"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527951/; classtype:trojan-activity;sid:83391051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or.php"; depth:7; endswith; nocase; http.host; content:"pharmaqueen.in"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527952/; classtype:trojan-activity;sid:83391052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pue.php"; depth:8; endswith; nocase; http.host; content:"marrakechcitybreak.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527953/; classtype:trojan-activity;sid:83391053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eou.php"; depth:8; endswith; nocase; http.host; content:"photos-tips.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527947/; classtype:trojan-activity;sid:83391047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ut.php"; depth:7; endswith; nocase; http.host; content:"neerajagrawal.in"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527948/; classtype:trojan-activity;sid:83391048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sedu.php"; depth:9; endswith; nocase; http.host; content:"myfilmdb.info"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527949/; classtype:trojan-activity;sid:83391049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ist.php"; depth:8; endswith; nocase; http.host; content:"pinjamsini.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527942/; classtype:trojan-activity;sid:83391042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to.php"; depth:7; endswith; nocase; http.host; content:"muskan-bd.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527943/; classtype:trojan-activity;sid:83391043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apo.php"; depth:8; endswith; nocase; http.host; content:"lpolinessconstructions.com.au"; depth:29; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527944/; classtype:trojan-activity;sid:83391044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.php"; depth:7; endswith; nocase; http.host; content:"majeedkhanindopak.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527945/; classtype:trojan-activity;sid:83391045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eenu.php"; depth:9; endswith; nocase; http.host; content:"offended.marketing"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527946/; classtype:trojan-activity;sid:83391046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sorm.php"; depth:9; endswith; nocase; http.host; content:"kshospitalmandi.in"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527941/; classtype:trojan-activity;sid:83391041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et.php"; depth:7; endswith; nocase; http.host; content:"podomorolaser.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527936/; classtype:trojan-activity;sid:83391036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etba.php"; depth:9; endswith; nocase; http.host; content:"lermark.com.mx"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527937/; classtype:trojan-activity;sid:83391037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eri.php"; depth:8; endswith; nocase; http.host; content:"millionairesteam.online"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527938/; classtype:trojan-activity;sid:83391038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tna.php"; depth:8; endswith; nocase; http.host; content:"lapicadelrorro.cl"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527939/; classtype:trojan-activity;sid:83391039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pi.php"; depth:7; endswith; nocase; http.host; content:"majhool.us"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527940/; classtype:trojan-activity;sid:83391040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elsi.php"; depth:9; endswith; nocase; http.host; content:"niior.com"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527931/; classtype:trojan-activity;sid:83391031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sii.php"; depth:8; endswith; nocase; http.host; content:"morocco-excursion.net"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527932/; classtype:trojan-activity;sid:83391032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/non.php"; depth:8; endswith; nocase; http.host; content:"lifefirstrescuemission.com"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527933/; classtype:trojan-activity;sid:83391033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa.php"; depth:7; endswith; nocase; http.host; content:"megavesting.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527934/; classtype:trojan-activity;sid:83391034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttsu.php"; depth:9; endswith; nocase; http.host; content:"jerkin-group.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527935/; classtype:trojan-activity;sid:83391035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmu.php"; depth:8; endswith; nocase; http.host; content:"myguardianangels-technology.com"; depth:31; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527929/; classtype:trojan-activity;sid:83391029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ette.php"; depth:9; endswith; nocase; http.host; content:"legalchoques.cl"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527930/; classtype:trojan-activity;sid:83391030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/init.php"; depth:9; endswith; nocase; http.host; content:"omegagatehomes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527925/; classtype:trojan-activity;sid:83391025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmuo.php"; depth:9; endswith; nocase; http.host; content:"realtakglobal.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527926/; classtype:trojan-activity;sid:83391026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rent.php"; depth:9; endswith; nocase; http.host; content:"mabmllc.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527927/; classtype:trojan-activity;sid:83391027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euu.php"; depth:8; endswith; nocase; http.host; content:"joomlaempresa.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527928/; classtype:trojan-activity;sid:83391028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/il.php"; depth:7; endswith; nocase; http.host; content:"nikthedesigner.net"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527923/; classtype:trojan-activity;sid:83391023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rc.php"; depth:7; endswith; nocase; http.host; content:"marrakechcitybreaks.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527924/; classtype:trojan-activity;sid:83391024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neas.php"; depth:9; endswith; nocase; http.host; content:"khokharconstruction.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527920/; classtype:trojan-activity;sid:83391020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xiqi.php"; depth:9; endswith; nocase; http.host; content:"jedsblog.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527921/; classtype:trojan-activity;sid:83391021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elp.php"; depth:8; endswith; nocase; http.host; content:"mrn.ps"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527922/; classtype:trojan-activity;sid:83391022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am.php"; depth:7; endswith; nocase; http.host; content:"maryzad.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527919/; classtype:trojan-activity;sid:83391019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfi.php"; depth:8; endswith; nocase; http.host; content:"pointlight.co.id"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527917/; classtype:trojan-activity;sid:83391017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erc.php"; depth:8; endswith; nocase; http.host; content:"pedagogy.live"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527918/; classtype:trojan-activity;sid:83391018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iufm.php"; depth:9; endswith; nocase; http.host; content:"riddimrootzradio.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527915/; classtype:trojan-activity;sid:83391015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olu.php"; depth:8; endswith; nocase; http.host; content:"kindreepreschoolandactivitycentre.com"; depth:37; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527916/; classtype:trojan-activity;sid:83391016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic.php"; depth:7; endswith; nocase; http.host; content:"iyeforum.org"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527911/; classtype:trojan-activity;sid:83391011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ree.php"; depth:8; endswith; nocase; http.host; content:"paradisepublicschool.in"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527912/; classtype:trojan-activity;sid:83391012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iie.php"; depth:8; endswith; nocase; http.host; content:"reercelik.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527913/; classtype:trojan-activity;sid:83391013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uitn.php"; depth:9; endswith; nocase; http.host; content:"logistica-cr.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527914/; classtype:trojan-activity;sid:83391014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aus.php"; depth:8; endswith; nocase; http.host; content:"nigerianscope.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527909/; classtype:trojan-activity;sid:83391009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nna.php"; depth:8; endswith; nocase; http.host; content:"kingdiamoond.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527910/; classtype:trojan-activity;sid:83391010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipts.php"; depth:9; endswith; nocase; http.host; content:"peugeotbayi.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527905/; classtype:trojan-activity;sid:83391005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utme.php"; depth:9; endswith; nocase; http.host; content:"lgcpeten.org"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527906/; classtype:trojan-activity;sid:83391006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supu.php"; depth:9; endswith; nocase; http.host; content:"quantitativeresearch.info"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527907/; classtype:trojan-activity;sid:83391007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae.php"; depth:7; endswith; nocase; http.host; content:"juankarlo.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527908/; classtype:trojan-activity;sid:83391008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne.php"; depth:7; endswith; nocase; http.host; content:"premium.gd"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527901/; classtype:trojan-activity;sid:83391001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/texe.php"; depth:9; endswith; nocase; http.host; content:"obucatrend.rs"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527902/; classtype:trojan-activity;sid:83391002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aucs.php"; depth:9; endswith; nocase; http.host; content:"loubiz.net"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527903/; classtype:trojan-activity;sid:83391003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ft.php"; depth:7; endswith; nocase; http.host; content:"journeyjoy.pk"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527904/; classtype:trojan-activity;sid:83391004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ati.php"; depth:8; endswith; nocase; http.host; content:"mamlakach.sa"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527900/; classtype:trojan-activity;sid:83391000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulm.php"; depth:8; endswith; nocase; http.host; content:"mcsundernagar.in"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527894/; classtype:trojan-activity;sid:83390994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et.php"; depth:7; endswith; nocase; http.host; content:"qdiagnostics.in"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527895/; classtype:trojan-activity;sid:83390995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emdn.php"; depth:9; endswith; nocase; http.host; content:"keservices.net"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527896/; classtype:trojan-activity;sid:83390996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/es.php"; depth:7; endswith; nocase; http.host; content:"noahrivercollection.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527897/; classtype:trojan-activity;sid:83390997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udi.php"; depth:8; endswith; nocase; http.host; content:"morocco-excursions.net"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527898/; classtype:trojan-activity;sid:83390998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io.php"; depth:7; endswith; nocase; http.host; content:"qualityhomehq.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527899/; classtype:trojan-activity;sid:83390999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suro.php"; depth:9; endswith; nocase; http.host; content:"qayali.az"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527891/; classtype:trojan-activity;sid:83390991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ieu.php"; depth:8; endswith; nocase; http.host; content:"microperts.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527892/; classtype:trojan-activity;sid:83390992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/td.php"; depth:7; endswith; nocase; http.host; content:"kusaiad.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527893/; classtype:trojan-activity;sid:83390993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xd.php"; depth:7; endswith; nocase; http.host; content:"mapakgroup.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527890/; classtype:trojan-activity;sid:83390990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qua.php"; depth:8; endswith; nocase; http.host; content:"milexinc.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527888/; classtype:trojan-activity;sid:83390988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tar.php"; depth:8; endswith; nocase; http.host; content:"mdhntest.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527889/; classtype:trojan-activity;sid:83390989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stt.php"; depth:8; endswith; nocase; http.host; content:"nisd.edu.in"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527886/; classtype:trojan-activity;sid:83390986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hunt.php"; depth:9; endswith; nocase; http.host; content:"multiarticlesjournal.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527887/; classtype:trojan-activity;sid:83390987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rolt.php"; depth:9; endswith; nocase; http.host; content:"metalurgistas.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527883/; classtype:trojan-activity;sid:83390983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip.php"; depth:7; endswith; nocase; http.host; content:"kaujemart.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527884/; classtype:trojan-activity;sid:83390984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teiv.php"; depth:9; endswith; nocase; http.host; content:"mac-coin.world"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527885/; classtype:trojan-activity;sid:83390985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uac.php"; depth:8; endswith; nocase; http.host; content:"perfecthandshealthcare.com"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527880/; classtype:trojan-activity;sid:83390980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pc.php"; depth:7; endswith; nocase; http.host; content:"pricha.ba"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527881/; classtype:trojan-activity;sid:83390981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aot.php"; depth:8; endswith; nocase; http.host; content:"manavsewatrust.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527882/; classtype:trojan-activity;sid:83390982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec.php"; depth:7; endswith; nocase; http.host; content:"johnsaversengineering.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527876/; classtype:trojan-activity;sid:83390976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ni.php"; depth:7; endswith; nocase; http.host; content:"emdadsepehran.ir"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527877/; classtype:trojan-activity;sid:83390977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsqn.php"; depth:9; endswith; nocase; http.host; content:"myhootcard.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527878/; classtype:trojan-activity;sid:83390978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oqi.php"; depth:8; endswith; nocase; http.host; content:"olympicscientific.ca"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527879/; classtype:trojan-activity;sid:83390979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dii.php"; depth:8; endswith; nocase; http.host; content:"malawisounds.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527869/; classtype:trojan-activity;sid:83390969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iq.php"; depth:7; endswith; nocase; http.host; content:"krediti-austrija.at"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527870/; classtype:trojan-activity;sid:83390970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idei.php"; depth:9; endswith; nocase; http.host; content:"pitrupuja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527871/; classtype:trojan-activity;sid:83390971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uth.php"; depth:8; endswith; nocase; http.host; content:"masterkhushi.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527872/; classtype:trojan-activity;sid:83390972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is.php"; depth:7; endswith; nocase; http.host; content:"parachemcps.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527873/; classtype:trojan-activity;sid:83390973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdiv.php"; depth:9; endswith; nocase; http.host; content:"mygamelinks.biz"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527874/; classtype:trojan-activity;sid:83390974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsl.php"; depth:8; endswith; nocase; http.host; content:"justaskinsurance.co.in"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527875/; classtype:trojan-activity;sid:83390975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mv.php"; depth:7; endswith; nocase; http.host; content:"law4reveryone.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527866/; classtype:trojan-activity;sid:83390966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qq.php"; depth:7; endswith; nocase; http.host; content:"marifahinn.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527867/; classtype:trojan-activity;sid:83390967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uit.php"; depth:8; endswith; nocase; http.host; content:"neuvisual.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527868/; classtype:trojan-activity;sid:83390968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qm.php"; depth:7; endswith; nocase; http.host; content:"penabangsa.web.id"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527865/; classtype:trojan-activity;sid:83390965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ut.php"; depth:7; endswith; nocase; http.host; content:"my.ln.ly"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527862/; classtype:trojan-activity;sid:83390962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cer.php"; depth:8; endswith; nocase; http.host; content:"mookapetid.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527863/; classtype:trojan-activity;sid:83390963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipnr.php"; depth:9; endswith; nocase; http.host; content:"masoudsaffron.ir"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527864/; classtype:trojan-activity;sid:83390964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ese.php"; depth:8; endswith; nocase; http.host; content:"progres.dev"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527859/; classtype:trojan-activity;sid:83390959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmi.php"; depth:8; endswith; nocase; http.host; content:"mentorslab.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527860/; classtype:trojan-activity;sid:83390960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iaqi.php"; depth:9; endswith; nocase; http.host; content:"lifesafeweb.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527861/; classtype:trojan-activity;sid:83390961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as.php"; depth:7; endswith; nocase; http.host; content:"onlinedealbazar.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527858/; classtype:trojan-activity;sid:83390958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eoud.php"; depth:9; endswith; nocase; http.host; content:"orbithospital.in"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527856/; classtype:trojan-activity;sid:83390956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lqsr.php"; depth:9; endswith; nocase; http.host; content:"lineyshadayal.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527857/; classtype:trojan-activity;sid:83390957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/se.php"; depth:7; endswith; nocase; http.host; content:"kusomainternational.org"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527849/; classtype:trojan-activity;sid:83390949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sue.php"; depth:8; endswith; nocase; http.host; content:"k2skysports.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527850/; classtype:trojan-activity;sid:83390950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia.php"; depth:7; endswith; nocase; http.host; content:"ngcloud.ma"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527851/; classtype:trojan-activity;sid:83390951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sue.php"; depth:8; endswith; nocase; http.host; content:"mpd-construct.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527852/; classtype:trojan-activity;sid:83390952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pair.php"; depth:9; endswith; nocase; http.host; content:"prorent.mx"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527853/; classtype:trojan-activity;sid:83390953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue.php"; depth:7; endswith; nocase; http.host; content:"mservicetbs.ge"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527854/; classtype:trojan-activity;sid:83390954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ste.php"; depth:8; endswith; nocase; http.host; content:"multigps.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527855/; classtype:trojan-activity;sid:83390955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr.php"; depth:7; endswith; nocase; http.host; content:"minecraftcoinsgenerator.com"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527837/; classtype:trojan-activity;sid:83390937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iu.php"; depth:7; endswith; nocase; http.host; content:"karwaneramzantravel.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527838/; classtype:trojan-activity;sid:83390938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uets.php"; depth:9; endswith; nocase; http.host; content:"orvidekibarka.hu"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527839/; classtype:trojan-activity;sid:83390939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apu.php"; depth:8; endswith; nocase; http.host; content:"messagegc.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527840/; classtype:trojan-activity;sid:83390940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei.php"; depth:7; endswith; nocase; http.host; content:"lijasyabrasivos.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527841/; classtype:trojan-activity;sid:83390941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oreo.php"; depth:9; endswith; nocase; http.host; content:"leposky.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527842/; classtype:trojan-activity;sid:83390942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilai.php"; depth:9; endswith; nocase; http.host; content:"mmattorneys.co.tz"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527843/; classtype:trojan-activity;sid:83390943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sam.php"; depth:8; endswith; nocase; http.host; content:"jamesnewbury.co.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527844/; classtype:trojan-activity;sid:83390944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tqam.php"; depth:9; endswith; nocase; http.host; content:"kwachamusic.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527845/; classtype:trojan-activity;sid:83390945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rme.php"; depth:8; endswith; nocase; http.host; content:"organic-tours.pk"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527846/; classtype:trojan-activity;sid:83390946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/no.php"; depth:7; endswith; nocase; http.host; content:"pakbookshub.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527847/; classtype:trojan-activity;sid:83390947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vem.php"; depth:8; endswith; nocase; http.host; content:"morocco-incentive.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527848/; classtype:trojan-activity;sid:83390948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nci.php"; depth:8; endswith; nocase; http.host; content:"miprm.edu.pk"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527831/; classtype:trojan-activity;sid:83390931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iisi.php"; depth:9; endswith; nocase; http.host; content:"moonexpertss.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527832/; classtype:trojan-activity;sid:83390932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eips.php"; depth:9; endswith; nocase; http.host; content:"redssoma.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527833/; classtype:trojan-activity;sid:83390933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rerr.php"; depth:9; endswith; nocase; http.host; content:"possibilitiesglobal.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527834/; classtype:trojan-activity;sid:83390934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vo.php"; depth:7; endswith; nocase; http.host; content:"poshub.best"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527835/; classtype:trojan-activity;sid:83390935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teuo.php"; depth:9; endswith; nocase; http.host; content:"mdjoynalabedin.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527836/; classtype:trojan-activity;sid:83390936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xuln.php"; depth:9; endswith; nocase; http.host; content:"rajnewskannada.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527829/; classtype:trojan-activity;sid:83390929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taqe.php"; depth:9; endswith; nocase; http.host; content:"mypaani.in"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527830/; classtype:trojan-activity;sid:83390930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hcni.php"; depth:9; endswith; nocase; http.host; content:"dayuone.com.tw"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527828/; classtype:trojan-activity;sid:83390928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul.php"; depth:7; endswith; nocase; http.host; content:"goooshi.ir"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527827/; classtype:trojan-activity;sid:83390927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ap.php"; depth:7; endswith; nocase; http.host; content:"greenmineracao.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527826/; classtype:trojan-activity;sid:83390926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibit.php"; depth:9; endswith; nocase; http.host; content:"differentlife.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527825/; classtype:trojan-activity;sid:83390925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tlie.php"; depth:9; endswith; nocase; http.host; content:"investmentforms.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527824/; classtype:trojan-activity;sid:83390924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa.php"; depth:7; endswith; nocase; http.host; content:"dventuresworld.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527823/; classtype:trojan-activity;sid:83390923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er.php"; depth:7; endswith; nocase; http.host; content:"fnxsport.net"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527822/; classtype:trojan-activity;sid:83390922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uo.php"; depth:7; endswith; nocase; http.host; content:"herainspection.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527816/; classtype:trojan-activity;sid:83390916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de.php"; depth:7; endswith; nocase; http.host; content:"gypshade.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527817/; classtype:trojan-activity;sid:83390917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suec.php"; depth:9; endswith; nocase; http.host; content:"hexadigital.ae"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527818/; classtype:trojan-activity;sid:83390918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsi.php"; depth:8; endswith; nocase; http.host; content:"indus.pk"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527819/; classtype:trojan-activity;sid:83390919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afs.php"; depth:8; endswith; nocase; http.host; content:"iptvtechno.us"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527820/; classtype:trojan-activity;sid:83390920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mao.php"; depth:8; endswith; nocase; http.host; content:"gracepolytechnic.edu.ng"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527821/; classtype:trojan-activity;sid:83390921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suqi.php"; depth:9; endswith; nocase; http.host; content:"happydaysinternationalschool.com"; depth:32; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527814/; classtype:trojan-activity;sid:83390914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otam.php"; depth:9; endswith; nocase; http.host; content:"hchm.edu.np"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527815/; classtype:trojan-activity;sid:83390915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itqe.php"; depth:9; endswith; nocase; http.host; content:"hobbywan.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527812/; classtype:trojan-activity;sid:83390912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alro.php"; depth:9; endswith; nocase; http.host; content:"designingenious.co.uk"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527813/; classtype:trojan-activity;sid:83390913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn.php"; depth:7; endswith; nocase; http.host; content:"imilon.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527810/; classtype:trojan-activity;sid:83390910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/troe.php"; depth:9; endswith; nocase; http.host; content:"experimantis.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527811/; classtype:trojan-activity;sid:83390911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eu.php"; depth:7; endswith; nocase; http.host; content:"go247support.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527807/; classtype:trojan-activity;sid:83390907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meee.php"; depth:9; endswith; nocase; http.host; content:"fliicha.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527808/; classtype:trojan-activity;sid:83390908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aau.php"; depth:8; endswith; nocase; http.host; content:"doctorniagara.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527809/; classtype:trojan-activity;sid:83390909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iae.php"; depth:8; endswith; nocase; http.host; content:"cuahangxenang.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527803/; classtype:trojan-activity;sid:83390903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mn.php"; depth:7; endswith; nocase; http.host; content:"fxtrainer.in"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527804/; classtype:trojan-activity;sid:83390904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qe.php"; depth:7; endswith; nocase; http.host; content:"disputedfamilies.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527805/; classtype:trojan-activity;sid:83390905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rmur.php"; depth:9; endswith; nocase; http.host; content:"fixerassist.co.za"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527806/; classtype:trojan-activity;sid:83390906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiq.php"; depth:8; endswith; nocase; http.host; content:"fenixempre.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527799/; classtype:trojan-activity;sid:83390899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qs.php"; depth:7; endswith; nocase; http.host; content:"indish.org"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527800/; classtype:trojan-activity;sid:83390900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cia.php"; depth:8; endswith; nocase; http.host; content:"dashtika.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527801/; classtype:trojan-activity;sid:83390901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te.php"; depth:7; endswith; nocase; http.host; content:"gvt.com.pk"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527802/; classtype:trojan-activity;sid:83390902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ois.php"; depth:8; endswith; nocase; http.host; content:"elu.edu.tr"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527796/; classtype:trojan-activity;sid:83390896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsi.php"; depth:8; endswith; nocase; http.host; content:"ecocia.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527797/; classtype:trojan-activity;sid:83390897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/at.php"; depth:7; endswith; nocase; http.host; content:"fdmlearn.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527798/; classtype:trojan-activity;sid:83390898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncii.php"; depth:9; endswith; nocase; http.host; content:"exploredunya.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527795/; classtype:trojan-activity;sid:83390895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in.php"; depth:7; endswith; nocase; http.host; content:"giantechs.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527791/; classtype:trojan-activity;sid:83390891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ost.php"; depth:8; endswith; nocase; http.host; content:"edumalaysia.lk"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527792/; classtype:trojan-activity;sid:83390892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urx.php"; depth:8; endswith; nocase; http.host; content:"ibraheemandsons.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527793/; classtype:trojan-activity;sid:83390893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teu.php"; depth:8; endswith; nocase; http.host; content:"healthcarereviewer.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527794/; classtype:trojan-activity;sid:83390894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp.php"; depth:7; endswith; nocase; http.host; content:"geauxgreekapparel.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527785/; classtype:trojan-activity;sid:83390885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opex.php"; depth:9; endswith; nocase; http.host; content:"goadventure.travel"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527786/; classtype:trojan-activity;sid:83390886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibsi.php"; depth:9; endswith; nocase; http.host; content:"glutenfreewendy.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527787/; classtype:trojan-activity;sid:83390887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aei.php"; depth:8; endswith; nocase; http.host; content:"globaltradingopt.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527788/; classtype:trojan-activity;sid:83390888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sst.php"; depth:8; endswith; nocase; http.host; content:"eyangstadium.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527789/; classtype:trojan-activity;sid:83390889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtla.php"; depth:9; endswith; nocase; http.host; content:"dcapglobal.org"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527790/; classtype:trojan-activity;sid:83390890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ois.php"; depth:8; endswith; nocase; http.host; content:"drkashisaz.ir"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527784/; classtype:trojan-activity;sid:83390884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aq.php"; depth:7; endswith; nocase; http.host; content:"gclambathach.in"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527783/; classtype:trojan-activity;sid:83390883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qid.php"; depth:8; endswith; nocase; http.host; content:"dominioncareltd.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527782/; classtype:trojan-activity;sid:83390882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia.php"; depth:7; endswith; nocase; http.host; content:"fysmiledental.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527781/; classtype:trojan-activity;sid:83390881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed.php"; depth:7; endswith; nocase; http.host; content:"datatronicaperu.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527778/; classtype:trojan-activity;sid:83390878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oos.php"; depth:8; endswith; nocase; http.host; content:"itscitycommrece.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527779/; classtype:trojan-activity;sid:83390879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soi.php"; depth:8; endswith; nocase; http.host; content:"green-cat.ro"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527780/; classtype:trojan-activity;sid:83390880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sie.php"; depth:8; endswith; nocase; http.host; content:"cricketphysio.in"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527777/; classtype:trojan-activity;sid:83390877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ics.php"; depth:8; endswith; nocase; http.host; content:"emporio-valentini.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527774/; classtype:trojan-activity;sid:83390874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ame.php"; depth:8; endswith; nocase; http.host; content:"fastseodirectory.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527775/; classtype:trojan-activity;sid:83390875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stti.php"; depth:9; endswith; nocase; http.host; content:"gsvgroup.pe"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527776/; classtype:trojan-activity;sid:83390876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rntt.php"; depth:9; endswith; nocase; http.host; content:"globalmultisolutions.net"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527771/; classtype:trojan-activity;sid:83390871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or.php"; depth:7; endswith; nocase; http.host; content:"eftfbd.org"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527772/; classtype:trojan-activity;sid:83390872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mu.php"; depth:7; endswith; nocase; http.host; content:"fenzal.tech"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527773/; classtype:trojan-activity;sid:83390873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iee.php"; depth:8; endswith; nocase; http.host; content:"hendry-sriyati.asia"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527767/; classtype:trojan-activity;sid:83390867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aure.php"; depth:9; endswith; nocase; http.host; content:"fntxerp.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527768/; classtype:trojan-activity;sid:83390868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suuq.php"; depth:9; endswith; nocase; http.host; content:"gojireekitchen.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527769/; classtype:trojan-activity;sid:83390869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ds.php"; depth:7; endswith; nocase; http.host; content:"ecompany.pk"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527770/; classtype:trojan-activity;sid:83390870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/par.php"; depth:8; endswith; nocase; http.host; content:"digitoonz.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527762/; classtype:trojan-activity;sid:83390862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sii.php"; depth:8; endswith; nocase; http.host; content:"floridasforgottenfelines.org"; depth:28; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527763/; classtype:trojan-activity;sid:83390863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nut.php"; depth:8; endswith; nocase; http.host; content:"infokondangan.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527764/; classtype:trojan-activity;sid:83390864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oela.php"; depth:9; endswith; nocase; http.host; content:"fairfreight.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527765/; classtype:trojan-activity;sid:83390865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.php"; depth:7; endswith; nocase; http.host; content:"gewinnmax.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527766/; classtype:trojan-activity;sid:83390866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iir.php"; depth:8; endswith; nocase; http.host; content:"gogorhino.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527760/; classtype:trojan-activity;sid:83390860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nome.php"; depth:9; endswith; nocase; http.host; content:"idassiaa.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527761/; classtype:trojan-activity;sid:83390861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ep.php"; depth:7; endswith; nocase; http.host; content:"ikigaisuperpowers.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527757/; classtype:trojan-activity;sid:83390857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or.php"; depth:7; endswith; nocase; http.host; content:"fuspam.xyz"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527758/; classtype:trojan-activity;sid:83390858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.105.53.206"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527759/; classtype:trojan-activity;sid:83390859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mto.php"; depth:8; endswith; nocase; http.host; content:"flexjobspk.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527755/; classtype:trojan-activity;sid:83390855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uo.php"; depth:7; endswith; nocase; http.host; content:"iniser.co"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527756/; classtype:trojan-activity;sid:83390856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui.php"; depth:7; endswith; nocase; http.host; content:"ighhomebuyer.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527754/; classtype:trojan-activity;sid:83390854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi.php"; depth:7; endswith; nocase; http.host; content:"gitpng.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527749/; classtype:trojan-activity;sid:83390849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itm.php"; depth:8; endswith; nocase; http.host; content:"exceltravelmorocco.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527750/; classtype:trojan-activity;sid:83390850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itnu.php"; depth:9; endswith; nocase; http.host; content:"irembo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527751/; classtype:trojan-activity;sid:83390851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utt.php"; depth:8; endswith; nocase; http.host; content:"fnfproperty.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527752/; classtype:trojan-activity;sid:83390852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as.php"; depth:7; endswith; nocase; http.host; content:"edgepro.co.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527753/; classtype:trojan-activity;sid:83390853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ri.php"; depth:7; endswith; nocase; http.host; content:"gyvseguros.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527746/; classtype:trojan-activity;sid:83390846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftui.php"; depth:9; endswith; nocase; http.host; content:"espatia.eu"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527747/; classtype:trojan-activity;sid:83390847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi.php"; depth:7; endswith; nocase; http.host; content:"exalt.pk"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527748/; classtype:trojan-activity;sid:83390848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eesa.php"; depth:9; endswith; nocase; http.host; content:"heconstructions.com.au"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527743/; classtype:trojan-activity;sid:83390843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea.php"; depth:7; endswith; nocase; http.host; content:"is-goal.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527744/; classtype:trojan-activity;sid:83390844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs.php"; depth:7; endswith; nocase; http.host; content:"dfwsocialmediaservices.com"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527745/; classtype:trojan-activity;sid:83390845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di.php"; depth:7; endswith; nocase; http.host; content:"devsoft.co.ao"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527738/; classtype:trojan-activity;sid:83390838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re.php"; depth:7; endswith; nocase; http.host; content:"heroespreviews.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527739/; classtype:trojan-activity;sid:83390839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsro.php"; depth:9; endswith; nocase; http.host; content:"europacoc.eu"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527740/; classtype:trojan-activity;sid:83390840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hne.php"; depth:8; endswith; nocase; http.host; content:"ibhnlp.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527741/; classtype:trojan-activity;sid:83390841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al.php"; depth:7; endswith; nocase; http.host; content:"forestofgames.org"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527742/; classtype:trojan-activity;sid:83390842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amp.php"; depth:8; endswith; nocase; http.host; content:"instinct.com.pk"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527736/; classtype:trojan-activity;sid:83390836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li.php"; depth:7; endswith; nocase; http.host; content:"erpsystem.web.id"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527737/; classtype:trojan-activity;sid:83390837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu.php"; depth:7; endswith; nocase; http.host; content:"frecuencias.mx"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527731/; classtype:trojan-activity;sid:83390831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aiae.php"; depth:9; endswith; nocase; http.host; content:"grupoplp.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527732/; classtype:trojan-activity;sid:83390832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui.php"; depth:7; endswith; nocase; http.host; content:"industrial-electricity-contactor.ir"; depth:35; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527733/; classtype:trojan-activity;sid:83390833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eu.php"; depth:7; endswith; nocase; http.host; content:"healthy-inside-out.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527734/; classtype:trojan-activity;sid:83390834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsu.php"; depth:8; endswith; nocase; http.host; content:"investokia.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527735/; classtype:trojan-activity;sid:83390835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osn.php"; depth:8; endswith; nocase; http.host; content:"heroualliance.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527729/; classtype:trojan-activity;sid:83390829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elti.php"; depth:9; endswith; nocase; http.host; content:"covidlabbilling.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527730/; classtype:trojan-activity;sid:83390830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue.php"; depth:7; endswith; nocase; http.host; content:"dasmv.in"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527724/; classtype:trojan-activity;sid:83390824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmt.php"; depth:8; endswith; nocase; http.host; content:"faiqeliyev.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527725/; classtype:trojan-activity;sid:83390825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eu.php"; depth:7; endswith; nocase; http.host; content:"hidraulicanaselli.com.ar"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527726/; classtype:trojan-activity;sid:83390826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orr.php"; depth:8; endswith; nocase; http.host; content:"indianwoodenshop.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527727/; classtype:trojan-activity;sid:83390827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iomd.php"; depth:9; endswith; nocase; http.host; content:"dclearning.academy"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527728/; classtype:trojan-activity;sid:83390828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isp.php"; depth:8; endswith; nocase; http.host; content:"escursioni-marocco.net"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527716/; classtype:trojan-activity;sid:83390816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sver.php"; depth:9; endswith; nocase; http.host; content:"everisentertainment.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527717/; classtype:trojan-activity;sid:83390817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teu.php"; depth:8; endswith; nocase; http.host; content:"epicbodyboost.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527718/; classtype:trojan-activity;sid:83390818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/es.php"; depth:7; endswith; nocase; http.host; content:"gesherspac.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527719/; classtype:trojan-activity;sid:83390819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as.php"; depth:7; endswith; nocase; http.host; content:"dodgeart.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527720/; classtype:trojan-activity;sid:83390820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dei.php"; depth:8; endswith; nocase; http.host; content:"divyabhajan.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527721/; classtype:trojan-activity;sid:83390821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oai.php"; depth:8; endswith; nocase; http.host; content:"digytec.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527722/; classtype:trojan-activity;sid:83390822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tes.php"; depth:8; endswith; nocase; http.host; content:"ismartrecruit.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527723/; classtype:trojan-activity;sid:83390823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/istu.php"; depth:9; endswith; nocase; http.host; content:"generalsports.mx"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527713/; classtype:trojan-activity;sid:83390813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vum.php"; depth:8; endswith; nocase; http.host; content:"grainshakti.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527714/; classtype:trojan-activity;sid:83390814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eip.php"; depth:8; endswith; nocase; http.host; content:"elitehairextensionsalons.com.au"; depth:31; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527715/; classtype:trojan-activity;sid:83390815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aau.php"; depth:8; endswith; nocase; http.host; content:"gmconverting.rs"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527711/; classtype:trojan-activity;sid:83390811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te.php"; depth:7; endswith; nocase; http.host; content:"insynquecapital.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527712/; classtype:trojan-activity;sid:83390812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/st.php"; depth:7; endswith; nocase; http.host; content:"etornilleras.mx"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527710/; classtype:trojan-activity;sid:83390810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avla.php"; depth:9; endswith; nocase; http.host; content:"crescentstarlions.org"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527709/; classtype:trojan-activity;sid:83390809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eor.php"; depth:8; endswith; nocase; http.host; content:"crestprojects.co.in"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527708/; classtype:trojan-activity;sid:83390808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpir.php"; depth:9; endswith; nocase; http.host; content:"fairdealsstoreinc.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527706/; classtype:trojan-activity;sid:83390806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unds.php"; depth:9; endswith; nocase; http.host; content:"glsservice.tech"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527707/; classtype:trojan-activity;sid:83390807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isin.php"; depth:9; endswith; nocase; http.host; content:"decorksa.mx"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527704/; classtype:trojan-activity;sid:83390804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fiof.php"; depth:9; endswith; nocase; http.host; content:"globoilegypt.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527705/; classtype:trojan-activity;sid:83390805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uti.php"; depth:8; endswith; nocase; http.host; content:"icdfindia.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527702/; classtype:trojan-activity;sid:83390802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcu.php"; depth:8; endswith; nocase; http.host; content:"delbesto.ir"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527703/; classtype:trojan-activity;sid:83390803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uro.php"; depth:8; endswith; nocase; http.host; content:"dloan.co"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527696/; classtype:trojan-activity;sid:83390796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el.php"; depth:7; endswith; nocase; http.host; content:"itmm.tech"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527697/; classtype:trojan-activity;sid:83390797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul.php"; depth:7; endswith; nocase; http.host; content:"faysalkhanphotography.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527698/; classtype:trojan-activity;sid:83390798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sus.php"; depth:8; endswith; nocase; http.host; content:"industrialoutlook.in"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527699/; classtype:trojan-activity;sid:83390799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ap.php"; depth:7; endswith; nocase; http.host; content:"gargashokca.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527700/; classtype:trojan-activity;sid:83390800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ums.php"; depth:8; endswith; nocase; http.host; content:"fcffoods.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527701/; classtype:trojan-activity;sid:83390801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seet.php"; depth:9; endswith; nocase; http.host; content:"gcthachi.in"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527692/; classtype:trojan-activity;sid:83390792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aieo.php"; depth:9; endswith; nocase; http.host; content:"halalhanoi.net"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527693/; classtype:trojan-activity;sid:83390793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tan.php"; depth:8; endswith; nocase; http.host; content:"gardenmd.co"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527694/; classtype:trojan-activity;sid:83390794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtl.php"; depth:8; endswith; nocase; http.host; content:"impactcove.org"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527695/; classtype:trojan-activity;sid:83390795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ms.php"; depth:7; endswith; nocase; http.host; content:"hawsabah.sd"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527688/; classtype:trojan-activity;sid:83390788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slao.php"; depth:9; endswith; nocase; http.host; content:"dsbayi.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527689/; classtype:trojan-activity;sid:83390789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rleo.php"; depth:9; endswith; nocase; http.host; content:"evagreenhub.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527690/; classtype:trojan-activity;sid:83390790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ala.php"; depth:8; endswith; nocase; http.host; content:"gpmorenacdmx.org.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527691/; classtype:trojan-activity;sid:83390791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net.php"; depth:8; endswith; nocase; http.host; content:"cosmopolitanconsultingg.com"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527685/; classtype:trojan-activity;sid:83390785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptan.php"; depth:9; endswith; nocase; http.host; content:"donatours.in"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527686/; classtype:trojan-activity;sid:83390786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr.php"; depth:7; endswith; nocase; http.host; content:"davmandi.org"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527687/; classtype:trojan-activity;sid:83390787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qiu.php"; depth:8; endswith; nocase; http.host; content:"innovegicstudio.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527681/; classtype:trojan-activity;sid:83390781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lnb.php"; depth:8; endswith; nocase; http.host; content:"foodiblog.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527682/; classtype:trojan-activity;sid:83390782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulam.php"; depth:9; endswith; nocase; http.host; content:"edison-house.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527683/; classtype:trojan-activity;sid:83390783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urri.php"; depth:9; endswith; nocase; http.host; content:"esafzug.ch"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527684/; classtype:trojan-activity;sid:83390784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loq.php"; depth:8; endswith; nocase; http.host; content:"guillesa.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527680/; classtype:trojan-activity;sid:83390780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ot.php"; depth:7; endswith; nocase; http.host; content:"dikshacreations.in"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527676/; classtype:trojan-activity;sid:83390776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi.php"; depth:7; endswith; nocase; http.host; content:"dailyhungama.pk"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527677/; classtype:trojan-activity;sid:83390777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poe.php"; depth:8; endswith; nocase; http.host; content:"firsteaton.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527678/; classtype:trojan-activity;sid:83390778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et.php"; depth:7; endswith; nocase; http.host; content:"healthyfitanddiet.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527679/; classtype:trojan-activity;sid:83390779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iqa.php"; depth:8; endswith; nocase; http.host; content:"emiliasdailynuggets.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527672/; classtype:trojan-activity;sid:83390772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nm.php"; depth:7; endswith; nocase; http.host; content:"frey2.com"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527673/; classtype:trojan-activity;sid:83390773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qut.php"; depth:8; endswith; nocase; http.host; content:"eac.mx"; depth:6; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527674/; classtype:trojan-activity;sid:83390774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ett.php"; depth:8; endswith; nocase; http.host; content:"horizontechconsultants.com"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527675/; classtype:trojan-activity;sid:83390775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uet.php"; depth:8; endswith; nocase; http.host; content:"hrlytic.net"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527670/; classtype:trojan-activity;sid:83390770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiot.php"; depth:9; endswith; nocase; http.host; content:"experianbizcu.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527671/; classtype:trojan-activity;sid:83390771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erl.php"; depth:8; endswith; nocase; http.host; content:"hindimecom.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527669/; classtype:trojan-activity;sid:83390769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei.php"; depth:7; endswith; nocase; http.host; content:"dng.or.tz"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527665/; classtype:trojan-activity;sid:83390765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrt.php"; depth:8; endswith; nocase; http.host; content:"ideaux.in"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527666/; classtype:trojan-activity;sid:83390766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ot.php"; depth:7; endswith; nocase; http.host; content:"empireschoolsystem.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527667/; classtype:trojan-activity;sid:83390767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eca.php"; depth:8; endswith; nocase; http.host; content:"deckchairhire.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527668/; classtype:trojan-activity;sid:83390768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dq.php"; depth:7; endswith; nocase; http.host; content:"digioffice.net"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527661/; classtype:trojan-activity;sid:83390761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uat.php"; depth:8; endswith; nocase; http.host; content:"hyperpotenttutors.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527662/; classtype:trojan-activity;sid:83390762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mru.php"; depth:8; endswith; nocase; http.host; content:"gamerskingdm.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527663/; classtype:trojan-activity;sid:83390763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vr.php"; depth:7; endswith; nocase; http.host; content:"funkochica.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527664/; classtype:trojan-activity;sid:83390764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ieia.php"; depth:9; endswith; nocase; http.host; content:"ehdekhilafat.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527658/; classtype:trojan-activity;sid:83390758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/equ.php"; depth:8; endswith; nocase; http.host; content:"culturaimmateriale.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527659/; classtype:trojan-activity;sid:83390759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os.php"; depth:7; endswith; nocase; http.host; content:"dynamicvisionusa.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527660/; classtype:trojan-activity;sid:83390760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qudn.php"; depth:9; endswith; nocase; http.host; content:"ichargefast.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527657/; classtype:trojan-activity;sid:83390757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xit.php"; depth:8; endswith; nocase; http.host; content:"hidewooddevelopment.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527654/; classtype:trojan-activity;sid:83390754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te.php"; depth:7; endswith; nocase; http.host; content:"eduardofurlani.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527655/; classtype:trojan-activity;sid:83390755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbea.php"; depth:9; endswith; nocase; http.host; content:"hiennhungtoeic.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527656/; classtype:trojan-activity;sid:83390756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt.php"; depth:7; endswith; nocase; http.host; content:"gdcrewalsar.in"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527653/; classtype:trojan-activity;sid:83390753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eni.php"; depth:8; endswith; nocase; http.host; content:"gpled-eg.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527650/; classtype:trojan-activity;sid:83390750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lml.php"; depth:8; endswith; nocase; http.host; content:"invoiceoption.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527651/; classtype:trojan-activity;sid:83390751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re.php"; depth:7; endswith; nocase; http.host; content:"invoengsolutions.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527652/; classtype:trojan-activity;sid:83390752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odso.php"; depth:9; endswith; nocase; http.host; content:"devsraza.me"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527642/; classtype:trojan-activity;sid:83390742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ddii.php"; depth:9; endswith; nocase; http.host; content:"digitalsimran.org"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527643/; classtype:trojan-activity;sid:83390743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laex.php"; depth:9; endswith; nocase; http.host; content:"graceythewriter.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527644/; classtype:trojan-activity;sid:83390744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le.php"; depth:7; endswith; nocase; http.host; content:"evripos.ca"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527645/; classtype:trojan-activity;sid:83390745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne.php"; depth:7; endswith; nocase; http.host; content:"grupoenertec.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527646/; classtype:trojan-activity;sid:83390746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sst.php"; depth:8; endswith; nocase; http.host; content:"iconfoundation.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527647/; classtype:trojan-activity;sid:83390747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ueae.php"; depth:9; endswith; nocase; http.host; content:"inhome-ks.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527648/; classtype:trojan-activity;sid:83390748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnde.php"; depth:9; endswith; nocase; http.host; content:"errorcodex.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527649/; classtype:trojan-activity;sid:83390749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usq.php"; depth:8; endswith; nocase; http.host; content:"frutagel.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527639/; classtype:trojan-activity;sid:83390739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne.php"; depth:7; endswith; nocase; http.host; content:"hrhiringexperts.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527640/; classtype:trojan-activity;sid:83390740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el.php"; depth:7; endswith; nocase; http.host; content:"hrservices.com.pk"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527641/; classtype:trojan-activity;sid:83390741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iat.php"; depth:8; endswith; nocase; http.host; content:"infinitydigital.id"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527638/; classtype:trojan-activity;sid:83390738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li.php"; depth:7; endswith; nocase; http.host; content:"habib.ar"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527635/; classtype:trojan-activity;sid:83390735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isa.php"; depth:8; endswith; nocase; http.host; content:"glohealthex.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527636/; classtype:trojan-activity;sid:83390736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um.php"; depth:7; endswith; nocase; http.host; content:"interwebsite.net"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527637/; classtype:trojan-activity;sid:83390737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cant.php"; depth:9; endswith; nocase; http.host; content:"garanziaservices.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527632/; classtype:trojan-activity;sid:83390732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pueq.php"; depth:9; endswith; nocase; http.host; content:"elitetutorialspune.in"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527633/; classtype:trojan-activity;sid:83390733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae.php"; depth:7; endswith; nocase; http.host; content:"eminentacademy.com.np"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527634/; classtype:trojan-activity;sid:83390734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mv.php"; depth:7; endswith; nocase; http.host; content:"farsigraph.ir"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527627/; classtype:trojan-activity;sid:83390727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slnm.php"; depth:9; endswith; nocase; http.host; content:"dmaxxorders.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527628/; classtype:trojan-activity;sid:83390728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ol.php"; depth:7; endswith; nocase; http.host; content:"deangraff.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527629/; classtype:trojan-activity;sid:83390729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nm.php"; depth:7; endswith; nocase; http.host; content:"ibuildwebstore.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527630/; classtype:trojan-activity;sid:83390730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sav.php"; depth:8; endswith; nocase; http.host; content:"edgeconsulting.fr"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527631/; classtype:trojan-activity;sid:83390731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou.php"; depth:7; endswith; nocase; http.host; content:"investmentmax.org"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527626/; classtype:trojan-activity;sid:83390726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tes.php"; depth:8; endswith; nocase; http.host; content:"esteemallianceunion.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527621/; classtype:trojan-activity;sid:83390721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/est.php"; depth:8; endswith; nocase; http.host; content:"haei-nigeria.org"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527622/; classtype:trojan-activity;sid:83390722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttu.php"; depth:8; endswith; nocase; http.host; content:"hireaprivatebartender.co.uk"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527623/; classtype:trojan-activity;sid:83390723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/litv.php"; depth:9; endswith; nocase; http.host; content:"equrantutor.net"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527624/; classtype:trojan-activity;sid:83390724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qo.php"; depth:7; endswith; nocase; http.host; content:"essencechemicals.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527625/; classtype:trojan-activity;sid:83390725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuln.php"; depth:9; endswith; nocase; http.host; content:"iranadenigeria.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527619/; classtype:trojan-activity;sid:83390719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eib.php"; depth:8; endswith; nocase; http.host; content:"istoesic.gmk.pt"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527620/; classtype:trojan-activity;sid:83390720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tned.php"; depth:9; endswith; nocase; http.host; content:"hispan-sd.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527615/; classtype:trojan-activity;sid:83390715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uid.php"; depth:8; endswith; nocase; http.host; content:"grocery360.in"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527616/; classtype:trojan-activity;sid:83390716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtc.php"; depth:8; endswith; nocase; http.host; content:"eazyrf.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527617/; classtype:trojan-activity;sid:83390717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aetu.php"; depth:9; endswith; nocase; http.host; content:"industrialsuply.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527618/; classtype:trojan-activity;sid:83390718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/at.php"; depth:7; endswith; nocase; http.host; content:"digicab.in"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527613/; classtype:trojan-activity;sid:83390713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/at.php"; depth:7; endswith; nocase; http.host; content:"gromanmortuary.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527614/; classtype:trojan-activity;sid:83390714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbi.php"; depth:8; endswith; nocase; http.host; content:"flexxapps.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527611/; classtype:trojan-activity;sid:83390711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tteu.php"; depth:9; endswith; nocase; http.host; content:"greensnet.in"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527612/; classtype:trojan-activity;sid:83390712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ir.php"; depth:7; endswith; nocase; http.host; content:"helpkidney.online"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527609/; classtype:trojan-activity;sid:83390709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsdi.php"; depth:9; endswith; nocase; http.host; content:"easydietandweightloss.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527610/; classtype:trojan-activity;sid:83390710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mau.php"; depth:8; endswith; nocase; http.host; content:"goldrockmines.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527608/; classtype:trojan-activity;sid:83390708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie.php"; depth:7; endswith; nocase; http.host; content:"edulexis.ro"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527606/; classtype:trojan-activity;sid:83390706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/im.php"; depth:7; endswith; nocase; http.host; content:"ieffindia.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527607/; classtype:trojan-activity;sid:83390707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iptd.php"; depth:9; endswith; nocase; http.host; content:"dameoutlet.it"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527591/; classtype:trojan-activity;sid:83390691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api.php"; depth:8; endswith; nocase; http.host; content:"gourmetdos.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527592/; classtype:trojan-activity;sid:83390692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sde.php"; depth:8; endswith; nocase; http.host; content:"handystamps.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527593/; classtype:trojan-activity;sid:83390693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu.php"; depth:7; endswith; nocase; http.host; content:"firstbackyard.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527594/; classtype:trojan-activity;sid:83390694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nu.php"; depth:7; endswith; nocase; http.host; content:"hypemembers.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527595/; classtype:trojan-activity;sid:83390695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea.php"; depth:7; endswith; nocase; http.host; content:"divigsa.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527596/; classtype:trojan-activity;sid:83390696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rea.php"; depth:8; endswith; nocase; http.host; content:"goldensnooker.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527597/; classtype:trojan-activity;sid:83390697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iaoe.php"; depth:9; endswith; nocase; http.host; content:"foodbankreserves.org"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527598/; classtype:trojan-activity;sid:83390698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ld.php"; depth:7; endswith; nocase; http.host; content:"gnc.edu.sd"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527599/; classtype:trojan-activity;sid:83390699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdii.php"; depth:9; endswith; nocase; http.host; content:"interculturalcusco.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527600/; classtype:trojan-activity;sid:83390700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etsu.php"; depth:9; endswith; nocase; http.host; content:"diakrino.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527601/; classtype:trojan-activity;sid:83390701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiar.php"; depth:9; endswith; nocase; http.host; content:"examtestbanksolution.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527602/; classtype:trojan-activity;sid:83390702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veuo.php"; depth:9; endswith; nocase; http.host; content:"fastfonechargers.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527603/; classtype:trojan-activity;sid:83390703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enni.php"; depth:9; endswith; nocase; http.host; content:"digitalapexinvst.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527604/; classtype:trojan-activity;sid:83390704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qus.php"; depth:8; endswith; nocase; http.host; content:"homecareassistancebarrie.ca"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527605/; classtype:trojan-activity;sid:83390705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aot.php"; depth:8; endswith; nocase; http.host; content:"homecareassistancerichardson.com"; depth:32; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527588/; classtype:trojan-activity;sid:83390688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boi.php"; depth:8; endswith; nocase; http.host; content:"dms.trade"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527589/; classtype:trojan-activity;sid:83390689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tle.php"; depth:8; endswith; nocase; http.host; content:"fonechargerz.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527590/; classtype:trojan-activity;sid:83390690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utum.php"; depth:9; endswith; nocase; http.host; content:"itsmyblog.space"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527585/; classtype:trojan-activity;sid:83390685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsan.php"; depth:9; endswith; nocase; http.host; content:"eeshanindustries.in"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527586/; classtype:trojan-activity;sid:83390686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iam.php"; depth:8; endswith; nocase; http.host; content:"iptvevents.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527587/; classtype:trojan-activity;sid:83390687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ubi.php"; depth:8; endswith; nocase; http.host; content:"esquare.store"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527583/; classtype:trojan-activity;sid:83390683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tn.php"; depth:7; endswith; nocase; http.host; content:"emmanuelgroup.org"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527584/; classtype:trojan-activity;sid:83390684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eatl.php"; depth:9; endswith; nocase; http.host; content:"drgirishbadarkhe.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527582/; classtype:trojan-activity;sid:83390682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dru.php"; depth:8; endswith; nocase; http.host; content:"bonhouse.com.mx"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527581/; classtype:trojan-activity;sid:83390681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsa.php"; depth:8; endswith; nocase; http.host; content:"arkentechsolutions.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527579/; classtype:trojan-activity;sid:83390679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sev.php"; depth:8; endswith; nocase; http.host; content:"completefitfix.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527580/; classtype:trojan-activity;sid:83390680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiq.php"; depth:8; endswith; nocase; http.host; content:"baronmarkets.net"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527578/; classtype:trojan-activity;sid:83390678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nm.php"; depth:7; endswith; nocase; http.host; content:"charlestoncondosales.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527574/; classtype:trojan-activity;sid:83390674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iasd.php"; depth:9; endswith; nocase; http.host; content:"chrono-actu.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527575/; classtype:trojan-activity;sid:83390675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plsn.php"; depth:9; endswith; nocase; http.host; content:"ccreative.in"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527576/; classtype:trojan-activity;sid:83390676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/san.php"; depth:8; endswith; nocase; http.host; content:"corporativolegalmexico.com.mx"; depth:29; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527577/; classtype:trojan-activity;sid:83390677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qbd.php"; depth:8; endswith; nocase; http.host; content:"caisong.com.tw"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527573/; classtype:trojan-activity;sid:83390673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tni.php"; depth:8; endswith; nocase; http.host; content:"citytrstbk.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527571/; classtype:trojan-activity;sid:83390671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.202"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527572/; classtype:trojan-activity;sid:83390672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbis.php"; depth:9; endswith; nocase; http.host; content:"backstretcher.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527568/; classtype:trojan-activity;sid:83390668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/an.php"; depth:7; endswith; nocase; http.host; content:"comfyshoesofficial.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527569/; classtype:trojan-activity;sid:83390669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/las.php"; depth:8; endswith; nocase; http.host; content:"classopedia.org"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527570/; classtype:trojan-activity;sid:83390670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osn.php"; depth:8; endswith; nocase; http.host; content:"cantechconnections.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527567/; classtype:trojan-activity;sid:83390667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qae.php"; depth:8; endswith; nocase; http.host; content:"bioinfoaus.ac.in"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527565/; classtype:trojan-activity;sid:83390665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leoi.php"; depth:9; endswith; nocase; http.host; content:"bicabe.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527566/; classtype:trojan-activity;sid:83390666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecra.php"; depth:9; endswith; nocase; http.host; content:"assurebenefit.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527561/; classtype:trojan-activity;sid:83390661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ied.php"; depth:8; endswith; nocase; http.host; content:"bedsbd.org"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527562/; classtype:trojan-activity;sid:83390662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iu.php"; depth:7; endswith; nocase; http.host; content:"beautypets.ae"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527563/; classtype:trojan-activity;sid:83390663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/au.php"; depth:7; endswith; nocase; http.host; content:"competenttravelmate.com.ng"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527564/; classtype:trojan-activity;sid:83390664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el.php"; depth:7; endswith; nocase; http.host; content:"baltan.com.tr"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527560/; classtype:trojan-activity;sid:83390660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roo.php"; depth:8; endswith; nocase; http.host; content:"audioutlaw.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527559/; classtype:trojan-activity;sid:83390659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oim.php"; depth:8; endswith; nocase; http.host; content:"cabreu.dev"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527553/; classtype:trojan-activity;sid:83390653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps.php"; depth:7; endswith; nocase; http.host; content:"corp-digitec.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527554/; classtype:trojan-activity;sid:83390654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa.php"; depth:7; endswith; nocase; http.host; content:"chiwipets.cl"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527555/; classtype:trojan-activity;sid:83390655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is.php"; depth:7; endswith; nocase; http.host; content:"corporaciontasso.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527556/; classtype:trojan-activity;sid:83390656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaa.php"; depth:8; endswith; nocase; http.host; content:"ceremonyhomes.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527557/; classtype:trojan-activity;sid:83390657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teet.php"; depth:9; endswith; nocase; http.host; content:"caleda.org"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527558/; classtype:trojan-activity;sid:83390658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue.php"; depth:7; endswith; nocase; http.host; content:"artf.cg"; depth:7; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527548/; classtype:trojan-activity;sid:83390648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts.php"; depth:7; endswith; nocase; http.host; content:"cfpsa.pt"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527549/; classtype:trojan-activity;sid:83390649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lr.php"; depth:7; endswith; nocase; http.host; content:"conas.uz"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527550/; classtype:trojan-activity;sid:83390650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulos.php"; depth:9; endswith; nocase; http.host; content:"cikadut.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527551/; classtype:trojan-activity;sid:83390651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iieu.php"; depth:9; endswith; nocase; http.host; content:"cbcdn.uk"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527552/; classtype:trojan-activity;sid:83390652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euim.php"; depth:9; endswith; nocase; http.host; content:"chargeelectro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527539/; classtype:trojan-activity;sid:83390639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilto.php"; depth:9; endswith; nocase; http.host; content:"audiobooksget.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527540/; classtype:trojan-activity;sid:83390640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/au.php"; depth:7; endswith; nocase; http.host; content:"carakatravelindo.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527541/; classtype:trojan-activity;sid:83390641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul.php"; depth:7; endswith; nocase; http.host; content:"chlodnictwokrakow.pl"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527542/; classtype:trojan-activity;sid:83390642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue.php"; depth:7; endswith; nocase; http.host; content:"breaking.sbs"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527543/; classtype:trojan-activity;sid:83390643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeq.php"; depth:8; endswith; nocase; http.host; content:"arielthea.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527544/; classtype:trojan-activity;sid:83390644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imn.php"; depth:8; endswith; nocase; http.host; content:"business-line.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527545/; classtype:trojan-activity;sid:83390645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nn.php"; depth:7; endswith; nocase; http.host; content:"bengalforex.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527546/; classtype:trojan-activity;sid:83390646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnio.php"; depth:9; endswith; nocase; http.host; content:"autovio.store"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527547/; classtype:trojan-activity;sid:83390647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um.php"; depth:7; endswith; nocase; http.host; content:"bearobonaut.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527538/; classtype:trojan-activity;sid:83390638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqie.php"; depth:9; endswith; nocase; http.host; content:"beavertracks.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527535/; classtype:trojan-activity;sid:83390635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oqcu.php"; depth:9; endswith; nocase; http.host; content:"cabaccess.fr"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527536/; classtype:trojan-activity;sid:83390636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/niat.php"; depth:9; endswith; nocase; http.host; content:"calyxtech.net"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527537/; classtype:trojan-activity;sid:83390637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rani.php"; depth:9; endswith; nocase; http.host; content:"autovanin.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527531/; classtype:trojan-activity;sid:83390631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nolt.php"; depth:9; endswith; nocase; http.host; content:"boomup.mx"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527532/; classtype:trojan-activity;sid:83390632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it.php"; depth:7; endswith; nocase; http.host; content:"avancedevelopments.co.uk"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527533/; classtype:trojan-activity;sid:83390633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nl.php"; depth:7; endswith; nocase; http.host; content:"blogzambianjuice.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527534/; classtype:trojan-activity;sid:83390634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou.php"; depth:7; endswith; nocase; http.host; content:"chmuhammad.co"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527528/; classtype:trojan-activity;sid:83390628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iela.php"; depth:9; endswith; nocase; http.host; content:"celiussalud.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527529/; classtype:trojan-activity;sid:83390629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oe.php"; depth:7; endswith; nocase; http.host; content:"bawaindustries.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527530/; classtype:trojan-activity;sid:83390630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xute.php"; depth:9; endswith; nocase; http.host; content:"cemgi.com.mx"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527527/; classtype:trojan-activity;sid:83390627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el.php"; depth:7; endswith; nocase; http.host; content:"clinicabowen.ro"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527523/; classtype:trojan-activity;sid:83390623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ette.php"; depth:9; endswith; nocase; http.host; content:"cleansmmservices.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527524/; classtype:trojan-activity;sid:83390624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esc.php"; depth:8; endswith; nocase; http.host; content:"bluecollarapp.net"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527525/; classtype:trojan-activity;sid:83390625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dn.php"; depth:7; endswith; nocase; http.host; content:"coregadgetpro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527526/; classtype:trojan-activity;sid:83390626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnit.php"; depth:9; endswith; nocase; http.host; content:"corralcontroldeplagas.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527521/; classtype:trojan-activity;sid:83390621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euqn.php"; depth:9; endswith; nocase; http.host; content:"arinsy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527522/; classtype:trojan-activity;sid:83390622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lba.php"; depth:8; endswith; nocase; http.host; content:"basavi.mx"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527517/; classtype:trojan-activity;sid:83390617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uui.php"; depth:8; endswith; nocase; http.host; content:"bintimakinifoundation.or.tz"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527518/; classtype:trojan-activity;sid:83390618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io.php"; depth:7; endswith; nocase; http.host; content:"areebacollection.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527519/; classtype:trojan-activity;sid:83390619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aum.php"; depth:8; endswith; nocase; http.host; content:"ataramotors.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527520/; classtype:trojan-activity;sid:83390620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eutp.php"; depth:9; endswith; nocase; http.host; content:"coppersilver.ae"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527516/; classtype:trojan-activity;sid:83390616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tim.php"; depth:8; endswith; nocase; http.host; content:"blendir3d.site"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527511/; classtype:trojan-activity;sid:83390611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tl.php"; depth:7; endswith; nocase; http.host; content:"aussiedigitalagency.online"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527512/; classtype:trojan-activity;sid:83390612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sle.php"; depth:8; endswith; nocase; http.host; content:"brainclick.org"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527513/; classtype:trojan-activity;sid:83390613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnsu.php"; depth:9; endswith; nocase; http.host; content:"cisneroselectronica.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527514/; classtype:trojan-activity;sid:83390614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmoa.php"; depth:9; endswith; nocase; http.host; content:"bimbelyec.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527515/; classtype:trojan-activity;sid:83390615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sa.php"; depth:7; endswith; nocase; http.host; content:"chikooflix.app"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527507/; classtype:trojan-activity;sid:83390607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps.php"; depth:7; endswith; nocase; http.host; content:"cameliacarteras.com.ar"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527508/; classtype:trojan-activity;sid:83390608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ueie.php"; depth:9; endswith; nocase; http.host; content:"appunik.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527509/; classtype:trojan-activity;sid:83390609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uue.php"; depth:8; endswith; nocase; http.host; content:"bajamilagro.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527510/; classtype:trojan-activity;sid:83390610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oml.php"; depth:8; endswith; nocase; http.host; content:"carmes-credit.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527506/; classtype:trojan-activity;sid:83390606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ta.php"; depth:7; endswith; nocase; http.host; content:"aqarna.net"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527500/; classtype:trojan-activity;sid:83390600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue.php"; depth:7; endswith; nocase; http.host; content:"bithea2.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527501/; classtype:trojan-activity;sid:83390601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emu.php"; depth:8; endswith; nocase; http.host; content:"beautycarwashandria.it"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527502/; classtype:trojan-activity;sid:83390602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mllt.php"; depth:9; endswith; nocase; http.host; content:"cgscoaching.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527503/; classtype:trojan-activity;sid:83390603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iro.php"; depth:8; endswith; nocase; http.host; content:"bellevuerose.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527504/; classtype:trojan-activity;sid:83390604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tm.php"; depth:7; endswith; nocase; http.host; content:"banglaflorida.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527505/; classtype:trojan-activity;sid:83390605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rm.php"; depth:7; endswith; nocase; http.host; content:"colanda.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527495/; classtype:trojan-activity;sid:83390595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma.php"; depth:7; endswith; nocase; http.host; content:"canagents.ca"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527496/; classtype:trojan-activity;sid:83390596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eit.php"; depth:8; endswith; nocase; http.host; content:"capagents.org"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527497/; classtype:trojan-activity;sid:83390597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utte.php"; depth:9; endswith; nocase; http.host; content:"anzil.in"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527498/; classtype:trojan-activity;sid:83390598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iqtt.php"; depth:9; endswith; nocase; http.host; content:"baliweddingbutler.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527499/; classtype:trojan-activity;sid:83390599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ii.php"; depth:7; endswith; nocase; http.host; content:"centroepoje.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527492/; classtype:trojan-activity;sid:83390592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tul.php"; depth:8; endswith; nocase; http.host; content:"beanbagsfilling.com.au"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527493/; classtype:trojan-activity;sid:83390593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qei.php"; depth:8; endswith; nocase; http.host; content:"cimory.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527494/; classtype:trojan-activity;sid:83390594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aet.php"; depth:8; endswith; nocase; http.host; content:"bargaincarrental.com.au"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527490/; classtype:trojan-activity;sid:83390590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ti.php"; depth:7; endswith; nocase; http.host; content:"asnkotabdl.net"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527491/; classtype:trojan-activity;sid:83390591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doou.php"; depth:9; endswith; nocase; http.host; content:"bookk.ga"; depth:8; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527487/; classtype:trojan-activity;sid:83390587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ud.php"; depth:7; endswith; nocase; http.host; content:"bellter.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527488/; classtype:trojan-activity;sid:83390588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sulc.php"; depth:9; endswith; nocase; http.host; content:"bombgadgets.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527489/; classtype:trojan-activity;sid:83390589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qdsa.php"; depth:9; endswith; nocase; http.host; content:"avetradeas.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527485/; classtype:trojan-activity;sid:83390585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toi.php"; depth:8; endswith; nocase; http.host; content:"brushfinch.tech"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527486/; classtype:trojan-activity;sid:83390586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euan.php"; depth:9; endswith; nocase; http.host; content:"correoscorporativosperu.com"; depth:27; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527483/; classtype:trojan-activity;sid:83390583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeat.php"; depth:9; endswith; nocase; http.host; content:"cleanenergyunited.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527484/; classtype:trojan-activity;sid:83390584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tfri.php"; depth:9; endswith; nocase; http.host; content:"balibagus.net"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527482/; classtype:trojan-activity;sid:83390582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imui.php"; depth:9; endswith; nocase; http.host; content:"cloudbilisim.com.tr"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527480/; classtype:trojan-activity;sid:83390580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie.php"; depth:7; endswith; nocase; http.host; content:"ases.az"; depth:7; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527481/; classtype:trojan-activity;sid:83390581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqnr.php"; depth:9; endswith; nocase; http.host; content:"area-20.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527479/; classtype:trojan-activity;sid:83390579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsl.php"; depth:8; endswith; nocase; http.host; content:"auditconsultores.cl"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527471/; classtype:trojan-activity;sid:83390571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umrt.php"; depth:9; endswith; nocase; http.host; content:"avantax.mx"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527472/; classtype:trojan-activity;sid:83390572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taae.php"; depth:9; endswith; nocase; http.host; content:"comercialeuroandina.cl"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527473/; classtype:trojan-activity;sid:83390573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scid.php"; depth:9; endswith; nocase; http.host; content:"carlosmejiafashionguru.com"; depth:26; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527474/; classtype:trojan-activity;sid:83390574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rnru.php"; depth:9; endswith; nocase; http.host; content:"centroamaru.cl"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527475/; classtype:trojan-activity;sid:83390575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uuao.php"; depth:9; endswith; nocase; http.host; content:"bachatbicycles.com"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527476/; classtype:trojan-activity;sid:83390576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbil.php"; depth:9; endswith; nocase; http.host; content:"cat2020.org"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527477/; classtype:trojan-activity;sid:83390577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtl.php"; depth:8; endswith; nocase; http.host; content:"baznaskotamagelang.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527478/; classtype:trojan-activity;sid:83390578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trq.php"; depth:8; endswith; nocase; http.host; content:"binarygh.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527467/; classtype:trojan-activity;sid:83390567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eamt.php"; depth:9; endswith; nocase; http.host; content:"cloudsolutions.com.ec"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527468/; classtype:trojan-activity;sid:83390568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umrr.php"; depth:9; endswith; nocase; http.host; content:"autocuidadoemocional.com"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527469/; classtype:trojan-activity;sid:83390569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enso.php"; depth:9; endswith; nocase; http.host; content:"corefitdiet.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527470/; classtype:trojan-activity;sid:83390570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arp.php"; depth:8; endswith; nocase; http.host; content:"athenacommunity.college"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527466/; classtype:trojan-activity;sid:83390566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mio.php"; depth:8; endswith; nocase; http.host; content:"comercialvamo.com"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527458/; classtype:trojan-activity;sid:83390558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt.php"; depth:7; endswith; nocase; http.host; content:"binetbeauty.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527459/; classtype:trojan-activity;sid:83390559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dci.php"; depth:8; endswith; nocase; http.host; content:"born2richsports.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527460/; classtype:trojan-activity;sid:83390560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtuo.php"; depth:9; endswith; nocase; http.host; content:"apsengbd.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527461/; classtype:trojan-activity;sid:83390561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avsu.php"; depth:9; endswith; nocase; http.host; content:"bestmix.ae"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527462/; classtype:trojan-activity;sid:83390562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qs.php"; depth:7; endswith; nocase; http.host; content:"bmtmaintenances.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527463/; classtype:trojan-activity;sid:83390563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am.php"; depth:7; endswith; nocase; http.host; content:"asotaeba.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527464/; classtype:trojan-activity;sid:83390564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/di.php"; depth:7; endswith; nocase; http.host; content:"cdldistributiongulf.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527465/; classtype:trojan-activity;sid:83390565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soe.php"; depth:8; endswith; nocase; http.host; content:"bemycoffee.rs"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527452/; classtype:trojan-activity;sid:83390552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea.php"; depth:7; endswith; nocase; http.host; content:"cedeccoperu.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527453/; classtype:trojan-activity;sid:83390553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqdi.php"; depth:9; endswith; nocase; http.host; content:"bestbodcare.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527454/; classtype:trojan-activity;sid:83390554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtn.php"; depth:8; endswith; nocase; http.host; content:"broichconstruction.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527455/; classtype:trojan-activity;sid:83390555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mq.php"; depth:7; endswith; nocase; http.host; content:"bluehealthmarketing.com"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527456/; classtype:trojan-activity;sid:83390556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu.php"; depth:7; endswith; nocase; http.host; content:"arabengineers.net"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527457/; classtype:trojan-activity;sid:83390557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lu.php"; depth:7; endswith; nocase; http.host; content:"citizencommons.org"; depth:18; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527451/; classtype:trojan-activity;sid:83390551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rop.php"; depth:8; endswith; nocase; http.host; content:"caminhodosabergbi.com.br"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527450/; classtype:trojan-activity;sid:83390550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmu.php"; depth:8; endswith; nocase; http.host; content:"adesanyaadedeji.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527449/; classtype:trojan-activity;sid:83390549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aur.php"; depth:8; endswith; nocase; http.host; content:"agropecas.net.br"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527448/; classtype:trojan-activity;sid:83390548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dleu.php"; depth:9; endswith; nocase; http.host; content:"academicpublications.net"; depth:24; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527447/; classtype:trojan-activity;sid:83390547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oiq.php"; depth:8; endswith; nocase; http.host; content:"360sinlimites.com.mx"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527446/; classtype:trojan-activity;sid:83390546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tai.php"; depth:8; endswith; nocase; http.host; content:"3aengenharia-se.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527443/; classtype:trojan-activity;sid:83390543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eorn.php"; depth:9; endswith; nocase; http.host; content:"aceskylineservices.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527444/; classtype:trojan-activity;sid:83390544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahi.php"; depth:8; endswith; nocase; http.host; content:"albroker.app"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527445/; classtype:trojan-activity;sid:83390545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et.php"; depth:7; endswith; nocase; http.host; content:"ankurajmaniclasses.in"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527442/; classtype:trojan-activity;sid:83390542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teq.php"; depth:8; endswith; nocase; http.host; content:"1stfinancialservicesltd.co.uk"; depth:29; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527441/; classtype:trojan-activity;sid:83390541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eti.php"; depth:8; endswith; nocase; http.host; content:"aniq-tenda.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527439/; classtype:trojan-activity;sid:83390539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ml.php"; depth:7; endswith; nocase; http.host; content:"grupozego.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527440/; classtype:trojan-activity;sid:83390540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urtr.php"; depth:9; endswith; nocase; http.host; content:"2020ph.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527437/; classtype:trojan-activity;sid:83390537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltv.php"; depth:8; endswith; nocase; http.host; content:"ambassadorsofislam.org"; depth:22; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527438/; classtype:trojan-activity;sid:83390538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vo.php"; depth:7; endswith; nocase; http.host; content:"3a-realestate-eg.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527433/; classtype:trojan-activity;sid:83390533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pudl.php"; depth:9; endswith; nocase; http.host; content:"5colors.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527434/; classtype:trojan-activity;sid:83390534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dorb.php"; depth:9; endswith; nocase; http.host; content:"namlittleforest.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527435/; classtype:trojan-activity;sid:83390535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te.php"; depth:7; endswith; nocase; http.host; content:"activisions.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527436/; classtype:trojan-activity;sid:83390536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi.php"; depth:7; endswith; nocase; http.host; content:"akzone.co"; depth:9; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527430/; classtype:trojan-activity;sid:83390530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eds.php"; depth:8; endswith; nocase; http.host; content:"al7irak.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527431/; classtype:trojan-activity;sid:83390531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rds.php"; depth:8; endswith; nocase; http.host; content:"247shoping.com"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527432/; classtype:trojan-activity;sid:83390532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lt.php"; depth:7; endswith; nocase; http.host; content:"antropy.zone"; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527426/; classtype:trojan-activity;sid:83390526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cau.php"; depth:8; endswith; nocase; http.host; content:"allleaguebaseball.com"; depth:21; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527427/; classtype:trojan-activity;sid:83390527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imaa.php"; depth:9; endswith; nocase; http.host; content:"albropharma.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527428/; classtype:trojan-activity;sid:83390528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss.php"; depth:7; endswith; nocase; http.host; content:"ryon.co.in"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527429/; classtype:trojan-activity;sid:83390529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iitq.php"; depth:9; endswith; nocase; http.host; content:"airlise.sbs"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527424/; classtype:trojan-activity;sid:83390524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aum.php"; depth:8; endswith; nocase; http.host; content:"andrewsfasteners.com.au"; depth:23; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527425/; classtype:trojan-activity;sid:83390525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rua.php"; depth:8; endswith; nocase; http.host; content:"ahmadmassoud.net"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527419/; classtype:trojan-activity;sid:83390519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acte.php"; depth:9; endswith; nocase; http.host; content:"amzneos.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527420/; classtype:trojan-activity;sid:83390520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.215.163"; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527421/; classtype:trojan-activity;sid:83390521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si.php"; depth:7; endswith; nocase; http.host; content:"7air.co"; depth:7; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527422/; classtype:trojan-activity;sid:83390522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2527423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tta.php"; depth:8; endswith; nocase; http.host; content:"amaravathi.life"; depth:15; isdataat:!1,relative; metadata:created_at 2023_02_02; reference:url, urlhaus.abuse.ch/url/2527423/; classtype:trojan-activity;sid:83390523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known mal