################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2020-08-11 16:21:12 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zb_users/private-sector/mub-x2c5d-19433138216-cdbthgd3iccouh/kyojdpg1-gx525zjm/"; depth:80; endswith; http.host; content:"qzshunji.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429536/; classtype:trojan-activity;sid:81292636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/r9mhgmvo-rqkev-18632/"; depth:34; endswith; http.host; content:"q.ddcxh.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429535/; classtype:trojan-activity;sid:81292635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/available_module/interior_751262715_km3bl0/plphd_gn8vazk11uylm3/"; depth:74; endswith; http.host; content:"savannaopticalsgh.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429534/; classtype:trojan-activity;sid:81292634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sites/available_pk0o2ztk_6kukobcyse/998910_z2zohnj8_space/589pf_tyzyw3x4x4y90s/"; depth:80; endswith; http.host; content:"thetastrike.forclientdemo.com"; depth:29; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429533/; classtype:trojan-activity;sid:81292633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"177.189.241.61"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429532/; classtype:trojan-activity;sid:81292632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/multifunctional-array/wktu6az8-p3io14l48lcf-74ye-0aypa5/140164-wycz5cfu/"; depth:82; endswith; http.host; content:"whitegalaxyent.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429531/; classtype:trojan-activity;sid:81292631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f25d3d9a0b9c524651b28632f7f059c4/watchdog.exe"; depth:46; endswith; http.host; content:"marketsshops.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429530/; classtype:trojan-activity;sid:81292630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f25d3d9a0b9c524651b28632f7f059c4/app.exe"; depth:41; endswith; http.host; content:"marketsshops.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429529/; classtype:trojan-activity;sid:81292629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f25d3d9a0b9c524651b28632f7f059c4/uninstallcloudnet.exe"; depth:55; endswith; http.host; content:"marketsshops.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429528/; classtype:trojan-activity;sid:81292628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ru5555/nuovo_colore__weekly_vlog___youtube-fmld-0.exe"; depth:54; endswith; http.host; content:"maxbook.site"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429527/; classtype:trojan-activity;sid:81292627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/open-sector/security-squol5hhfh-urgov18f/ezx-3s722vw/"; depth:66; endswith; http.host; content:"webuyhomes.forclientdemo.com"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429526/; classtype:trojan-activity;sid:81292626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/728439_7fk7un_array/open_space/hrgeaq1uu_lk2lkfudea/"; depth:62; endswith; http.host; content:"solarkhoinguyen.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429525/; classtype:trojan-activity;sid:81292625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/oaqwf-fwm4s9tqyufuk-disk/verified-warehouse/q9r-w21syw5z73/"; depth:68; endswith; http.host; content:"www.maskweb.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429524/; classtype:trojan-activity;sid:81292624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xcvzy/protected-zone/verified-676ubt-s4msm6dl7vo/q3m9sbagpdc2-zgk5p9al/"; depth:72; endswith; http.host; content:"realmobiletech.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429522/; classtype:trojan-activity;sid:81292622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hana-sc/jfgrrog/"; depth:17; endswith; http.host; content:"mizuhosi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429521/; classtype:trojan-activity;sid:81292621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asserts/ptfo/"; depth:14; endswith; http.host; content:"blueberrypharma.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429520/; classtype:trojan-activity;sid:81292620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/oct/"; depth:16; endswith; http.host; content:"www.nlpmasters.co.il"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429506/; classtype:trojan-activity;sid:81292606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/llc/"; depth:16; endswith; http.host; content:"demo1.cloudzigzag.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429470/; classtype:trojan-activity;sid:81292570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/open-resource/security-qhpu5-bfzhhhhl/guz2045e1rv-lvfml5jj1g2w/"; depth:75; endswith; http.host; content:"bmcconsulting.dk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429469/; classtype:trojan-activity;sid:81292569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lever/public/j2h7yrgwzv9g/"; depth:27; endswith; http.host; content:"motolink.in"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429468/; classtype:trojan-activity;sid:81292568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t4fzsp/xp0sde_4tyaptuch6gng_array/corporate_area/ei3300cl804_6y9872w3tws/"; depth:74; endswith; http.host; content:"9017.cf"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429467/; classtype:trojan-activity;sid:81292567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bridge/public/avxa235738306333326a9x8fs7bd3imiz/"; depth:49; endswith; http.host; content:"warung.ndrotech.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429466/; classtype:trojan-activity;sid:81292566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/qxvl5mul/"; depth:22; endswith; http.host; content:"lifepartner.hk"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429465/; classtype:trojan-activity;sid:81292565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/__1_./private-resource/verified-area/xdjx-x3w6sx41yy/"; depth:54; endswith; http.host; content:"bihongobd.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429464/; classtype:trojan-activity;sid:81292564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gbkzfajyho/reporting/oxt45nx/"; depth:30; endswith; http.host; content:"dsshop.zlygu.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429463/; classtype:trojan-activity;sid:81292563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lp79pefyvq/protected_157513_cut6clufu/external_forum/d6i5fqzrkq_glacqyki1z/"; depth:76; endswith; http.host; content:"idc.zlygu.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429462/; classtype:trojan-activity;sid:81292562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/kysp7zw/mir5u06474417572768pze1r4qessydnkqz/"; depth:57; endswith; http.host; content:"timelyrain.top"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429461/; classtype:trojan-activity;sid:81292561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iive6aqne/available-sector/rciu4xetf-3k2xmgpedjp-ugyh-0uso3vutiqx0/dmgk5hge52-hiamgvslt/"; depth:89; endswith; http.host; content:"pscl.zlygu.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429460/; classtype:trojan-activity;sid:81292560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/swift/m96761364955u6pl4eyipwsgq91/"; depth:47; endswith; http.host; content:"www.yuefuep.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429459/; classtype:trojan-activity;sid:81292559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.221.215"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429458/; classtype:trojan-activity;sid:81292558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.114.95.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429456/; classtype:trojan-activity;sid:81292556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rss/5by8.jpg"; depth:13; endswith; http.host; content:"sutekihome.co.id"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429455/; classtype:trojan-activity;sid:81292555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rss/vipe.jpg"; depth:13; endswith; http.host; content:"sutekihome.co.id"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429454/; classtype:trojan-activity;sid:81292554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/knqqpxhkdk/multifunctional_box/security_profile/800312_ap55gmmre/"; depth:66; endswith; http.host; content:"xcwuyu.zlygu.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429453/; classtype:trojan-activity;sid:81292553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/attachments/bw2554921933816769anjytysnh7krtq3/"; depth:59; endswith; http.host; content:"lgjmcaz.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429452/; classtype:trojan-activity;sid:81292552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rss/melo.jpg"; depth:13; endswith; http.host; content:"sutekihome.co.id"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429451/; classtype:trojan-activity;sid:81292551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rss/cmca.jpg"; depth:13; endswith; http.host; content:"sutekihome.co.id"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429450/; classtype:trojan-activity;sid:81292550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmp/5745524575116/qsoeaqojvrn/"; depth:31; endswith; http.host; content:"app.vayron.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429449/; classtype:trojan-activity;sid:81292549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m/swift/dnkut5p/"; depth:17; endswith; http.host; content:"sentir.nl"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429448/; classtype:trojan-activity;sid:81292548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ver/personal-box/cf7k5tp-9wpjx-qa2byng-lu8ngr4aw/0f7b1dw2yt-422x1t072x/"; depth:72; endswith; http.host; content:"www.teleargentina.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429447/; classtype:trojan-activity;sid:81292547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/jrx2j84p/"; depth:19; endswith; http.host; content:"swiftlogisticseg.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429446/; classtype:trojan-activity;sid:81292546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image/noxibqwri-ecdvxxfiq32zq-module/guarded-area/d1ii3ltior29myc-1y662775s3st/"; depth:80; endswith; http.host; content:"www.thepartycompany.co.uk"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429445/; classtype:trojan-activity;sid:81292545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats/documentation/910416592028c50filqqsx81/"; depth:46; endswith; http.host; content:"teldesign.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429444/; classtype:trojan-activity;sid:81292544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/serenna/open-zone/h3jvaiwjt-ct5gey4dz-portal/7e6sq-6uxwu6ty581x/"; depth:65; endswith; http.host; content:"tksb.net"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429441/; classtype:trojan-activity;sid:81292541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/public/beawmod/"; depth:24; endswith; http.host; content:"uss.ac.th"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429440/; classtype:trojan-activity;sid:81292540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wealthdomain_lypxhdfcg252.bin"; depth:30; endswith; http.host; content:"101.99.91.158"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429416/; classtype:trojan-activity;sid:81292516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bebemaria/download/doc/s5cltyz/"; depth:32; endswith; http.host; content:"vmais.net"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429411/; classtype:trojan-activity;sid:81292511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/708325845_pvbkybtiya_zone/guarded_area/96507023186_oeietrunx/"; depth:69; endswith; http.host; content:"www.webworks.fr"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429410/; classtype:trojan-activity;sid:81292510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/x8dm6x70l9/"; depth:17; endswith; http.host; content:"www.weddingsday.co.uk"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429409/; classtype:trojan-activity;sid:81292509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dev/lm/9o67nhkk/"; depth:17; endswith; http.host; content:"webso.ca"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429407/; classtype:trojan-activity;sid:81292507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/balance/kp8jbven977/"; depth:27; endswith; http.host; content:"jpwoodfordco.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429406/; classtype:trojan-activity;sid:81292506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/41651152032_lijfus_array/additional_vjtzteo7ok_in18orc11egw/c2u_xy191zzw/"; depth:83; endswith; http.host; content:"aceswilddesign.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429405/; classtype:trojan-activity;sid:81292505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upgrades/x4e50/"; depth:16; endswith; http.host; content:"dotshop.gr"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429404/; classtype:trojan-activity;sid:81292504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/u68012/"; depth:19; endswith; http.host; content:"dmjteak.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429402/; classtype:trojan-activity;sid:81292502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs-plugin/k7258713/"; depth:20; endswith; http.host; content:"coelcompany.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429400/; classtype:trojan-activity;sid:81292500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jmbwqbkgwkrb/1597158476.png"; depth:28; endswith; http.host; content:"cefeqsc.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429398/; classtype:trojan-activity;sid:81292498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmyhkklk/1597158476.png"; depth:24; endswith; http.host; content:"indigainterior.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429397/; classtype:trojan-activity;sid:81292497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqmbuk/1597158476.png"; depth:22; endswith; http.host; content:"borhan.sbu.ac.ir"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429396/; classtype:trojan-activity;sid:81292496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vfscohmkqjid/1597158476.png"; depth:28; endswith; http.host; content:"melaniebates.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429395/; classtype:trojan-activity;sid:81292495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pncciwm/1597158476.png"; depth:23; endswith; http.host; content:"denibhelpme.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429394/; classtype:trojan-activity;sid:81292494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/default/available-4022743-yqzwfq6wcj/security-forum/msrxgiw1i9ycd-74yxt5/"; depth:85; endswith; http.host; content:"sanchezysandoval.es"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429393/; classtype:trojan-activity;sid:81292493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/public/"; depth:12; endswith; http.host; content:"cr-technik.de"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429392/; classtype:trojan-activity;sid:81292492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puigpunyent/private_zone/security_area/784_6u8374xz18/"; depth:55; endswith; http.host; content:"balearsmeteo.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429391/; classtype:trojan-activity;sid:81292491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/private-sector/nqtey-a7zehvyntqf-caw4uz6bko-cpw/jeegx-x155x00/"; depth:72; endswith; http.host; content:"npq.vn"; depth:6; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429390/; classtype:trojan-activity;sid:81292490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solo/private_zone/0ufgi_67gdrmqdc6_area/2884569442_hdwqh8og6i/"; depth:63; endswith; http.host; content:"bkeeper.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429389/; classtype:trojan-activity;sid:81292489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/online/private_disk/individual_space/wm6p5w2zfaaq8_0x7151w48/"; depth:62; endswith; http.host; content:"docenciacriativa.hospedagemdesites.ws"; depth:37; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429388/; classtype:trojan-activity;sid:81292488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/file/aj3o19e6/"; depth:23; endswith; http.host; content:"ajstudiollc.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429386/; classtype:trojan-activity;sid:81292486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/o4tlsd-zn1wspuco-resource/individual-portal/74689489568-9m0yxdqzo/"; depth:76; endswith; http.host; content:"vr.dawang.ink"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429385/; classtype:trojan-activity;sid:81292485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/multifunctional-zwmlntpt-gz12xbr/corporate-warehouse/6763566679-3awhrh4hjy/"; depth:85; endswith; http.host; content:"manandvanwaterlooville.co.uk"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429384/; classtype:trojan-activity;sid:81292484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lm/"; depth:12; endswith; http.host; content:"cacapavaonline.sdserver144.com.br"; depth:33; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429383/; classtype:trojan-activity;sid:81292483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloader/doc/4009rct5389596685544962inlll619junfnv63td/"; depth:58; endswith; http.host; content:"www.scootervenlo.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429382/; classtype:trojan-activity;sid:81292482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/closed-section/test-7602120396-q1qly2je1n/57978974804914-xyaltnjunbxdm/"; depth:80; endswith; http.host; content:"earthnet.mx"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429381/; classtype:trojan-activity;sid:81292481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-snapshots/lnzj85zfyn_ejxqli_686604_rvwk73cvzrq/interior_profile/w4l0_z257y1z69/"; depth:83; endswith; http.host; content:"simoneporzi.it"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429380/; classtype:trojan-activity;sid:81292480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/doc/"; depth:13; endswith; http.host; content:"ecoagrodunarea.ro"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429378/; classtype:trojan-activity;sid:81292478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/y_0_n4/"; depth:16; endswith; http.host; content:"ezerangyal.hu"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429377/; classtype:trojan-activity;sid:81292477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/zblw9_5hsm_1ex2pyy/"; depth:28; endswith; http.host; content:"dandorahiphopcity.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429375/; classtype:trojan-activity;sid:81292475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documentos/k_n_iv8ku/"; depth:22; endswith; http.host; content:"coparmexpuebla.org"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429374/; classtype:trojan-activity;sid:81292474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/b_z2_cyikfkk/"; depth:21; endswith; http.host; content:"cryptokuota.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429373/; classtype:trojan-activity;sid:81292473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/protected_resource/open_qbow5ga_obrkttfwpmgz/t8wiwr9ymk_v2x9v1w1wzu1/"; depth:78; endswith; http.host; content:"www.sitepazar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429372/; classtype:trojan-activity;sid:81292472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail.euphoria.no/swift/"; depth:24; endswith; http.host; content:"euphoria.no"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429371/; classtype:trojan-activity;sid:81292471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.arm4"; depth:48; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429370/; classtype:trojan-activity;sid:81292470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.arm5"; depth:48; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429369/; classtype:trojan-activity;sid:81292469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.arm6"; depth:48; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429368/; classtype:trojan-activity;sid:81292468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.mips"; depth:48; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429367/; classtype:trojan-activity;sid:81292467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.mpsl"; depth:48; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429366/; classtype:trojan-activity;sid:81292466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.ppc"; depth:47; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429365/; classtype:trojan-activity;sid:81292465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.sparc"; depth:49; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429364/; classtype:trojan-activity;sid:81292464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/zbetcheckin.x86"; depth:47; endswith; http.host; content:"149.3.170.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429363/; classtype:trojan-activity;sid:81292463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/ogradjs-uadplh3yqm1f8ec8-box/verifiable-portal/45620811350008-gpydkik4f4dexew1/"; depth:92; endswith; http.host; content:"catswiz.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429362/; classtype:trojan-activity;sid:81292462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pncciwm/1597156607.png"; depth:23; endswith; http.host; content:"denibhelpme.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429361/; classtype:trojan-activity;sid:81292461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pncciwm/1597161079.png"; depth:23; endswith; http.host; content:"denibhelpme.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429360/; classtype:trojan-activity;sid:81292460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webset/esp/578837309901398agkhfhnf3j3/"; depth:39; endswith; http.host; content:"tlbohr.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429359/; classtype:trojan-activity;sid:81292459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkkqw/protected-section/onooemgwtd-zpgdnt1wobtn-area/fghjhuy-3huaitlqpg/"; depth:73; endswith; http.host; content:"ybcoin.org"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429358/; classtype:trojan-activity;sid:81292458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/docs/ptn0656608ztaqj3e3dss85y90rctu/"; depth:45; endswith; http.host; content:"www.vipi.co.ke"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429357/; classtype:trojan-activity;sid:81292457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/7znayry6j2qg-3p2u2rjsftuu63f-zone/lwpaoromi-iyicdcb3xeon-area/vdqong-ahb01e1t5/"; depth:89; endswith; http.host; content:"cianflone.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429355/; classtype:trojan-activity;sid:81292455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/closed_section/special_83zpi0emmm_bytzbggpfiv6/nccko8gh0uc_iidg6pnl8hfk/"; depth:85; endswith; http.host; content:"automaticrefreshments.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429354/; classtype:trojan-activity;sid:81292454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/esp/"; depth:16; endswith; http.host; content:"damoshushu.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429353/; classtype:trojan-activity;sid:81292453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/af/wfi9c-174sucp83uo1-resource/tyrqjpss-1anqga0icux-portal/0908894-qjhhjhhb1nqkq4/"; depth:83; endswith; http.host; content:"innovertec.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429352/; classtype:trojan-activity;sid:81292452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"220.168.240.105"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429351/; classtype:trojan-activity;sid:81292451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.134.185.98"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429350/; classtype:trojan-activity;sid:81292450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.119"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429349/; classtype:trojan-activity;sid:81292449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.235.57.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429347/; classtype:trojan-activity;sid:81292447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.78.146"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429346/; classtype:trojan-activity;sid:81292446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.221.242.166"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429345/; classtype:trojan-activity;sid:81292445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.146.194.201"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429344/; classtype:trojan-activity;sid:81292444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.239.161.249"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429343/; classtype:trojan-activity;sid:81292443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.241.170.241"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429342/; classtype:trojan-activity;sid:81292442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.199.144"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429339/; classtype:trojan-activity;sid:81292439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.118.129.248"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429338/; classtype:trojan-activity;sid:81292438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.116.231.114"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429337/; classtype:trojan-activity;sid:81292437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.67"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429336/; classtype:trojan-activity;sid:81292436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.235.210.127"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429333/; classtype:trojan-activity;sid:81292433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.234.244.103"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429332/; classtype:trojan-activity;sid:81292432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.238.171.204"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429331/; classtype:trojan-activity;sid:81292431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.226.254.124"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429330/; classtype:trojan-activity;sid:81292430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.104.224.193"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429328/; classtype:trojan-activity;sid:81292428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.131.206.105"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429327/; classtype:trojan-activity;sid:81292427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bekber/doc/oa449224492780qp37hl8x2vfe11gg8sn89/"; depth:48; endswith; http.host; content:"kotakwarna.co.id"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429326/; classtype:trojan-activity;sid:81292426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.172.109"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429325/; classtype:trojan-activity;sid:81292425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.196.233.193"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429324/; classtype:trojan-activity;sid:81292424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.174.222.254"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429323/; classtype:trojan-activity;sid:81292423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.111.203.249"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429322/; classtype:trojan-activity;sid:81292422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.134.185.217"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429321/; classtype:trojan-activity;sid:81292421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.110.139.117"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429319/; classtype:trojan-activity;sid:81292419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.45.92"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429318/; classtype:trojan-activity;sid:81292418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.163.255"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429317/; classtype:trojan-activity;sid:81292417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.232.230.132"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429315/; classtype:trojan-activity;sid:81292415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.240.181"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429314/; classtype:trojan-activity;sid:81292414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.78.194"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429313/; classtype:trojan-activity;sid:81292413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"122.241.34.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429311/; classtype:trojan-activity;sid:81292411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.234.127.203"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429309/; classtype:trojan-activity;sid:81292409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.111"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429308/; classtype:trojan-activity;sid:81292408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"92.54.237.237"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429306/; classtype:trojan-activity;sid:81292406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.142.136.168"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429305/; classtype:trojan-activity;sid:81292405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.221.251.238"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429304/; classtype:trojan-activity;sid:81292404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.177.181.195"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429303/; classtype:trojan-activity;sid:81292403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"94.43.10.40"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429302/; classtype:trojan-activity;sid:81292402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.43.223.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429301/; classtype:trojan-activity;sid:81292401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.123.187.100"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429300/; classtype:trojan-activity;sid:81292400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.145.110.181"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429299/; classtype:trojan-activity;sid:81292399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.110.192.195"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429298/; classtype:trojan-activity;sid:81292398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins/llc/qsuim7mdnc4h/"; depth:26; endswith; http.host; content:"violetflame.glass"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429297/; classtype:trojan-activity;sid:81292397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image2.png"; depth:11; endswith; http.host; content:"pritiquita.s3-eu-west-1.amazonaws.com"; depth:37; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429296/; classtype:trojan-activity;sid:81292396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/r0tw7quqspj/1yurh28635993661453vqxonrrg2oymh/"; depth:58; endswith; http.host; content:"yoyoteacher.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429295/; classtype:trojan-activity;sid:81292395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/83017_52kaeqzyui_zone/471352_lsomja_area/96024424_8r166yshhz8kb/"; depth:73; endswith; http.host; content:"toweixin.site"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429292/; classtype:trojan-activity;sid:81292392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o/l2i14o7mr/"; depth:13; endswith; http.host; content:"n95mask.tech"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429291/; classtype:trojan-activity;sid:81292391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gttu/overview/sw94b26/"; depth:23; endswith; http.host; content:"dweixin.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429290/; classtype:trojan-activity;sid:81292390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/phy/"; depth:9; endswith; http.host; content:"overcreative.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429288/; classtype:trojan-activity;sid:81292388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forumpictures/fconwlx/"; depth:23; endswith; http.host; content:"boinc.be"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429287/; classtype:trojan-activity;sid:81292387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/pv-a0gwr-80017/"; depth:22; endswith; http.host; content:"www.altopropiedades.cl"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429286/; classtype:trojan-activity;sid:81292386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/om/"; depth:12; endswith; http.host; content:"alameenmission.net"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429285/; classtype:trojan-activity;sid:81292385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ctoziz/"; depth:16; endswith; http.host; content:"basinfarm.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429284/; classtype:trojan-activity;sid:81292384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jocml/bnqsfswr/"; depth:16; endswith; http.host; content:"psexpresstn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429283/; classtype:trojan-activity;sid:81292383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/xutzy/"; depth:16; endswith; http.host; content:"eunde.at"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429282/; classtype:trojan-activity;sid:81292382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/attachments/4jn2f95582276255hbfhln0qe4lga8q7bbm/"; depth:57; endswith; http.host; content:"toweixin.site"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429281/; classtype:trojan-activity;sid:81292381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/kxlcvuaq/"; depth:17; endswith; http.host; content:"seismophonic.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429279/; classtype:trojan-activity;sid:81292379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/php/sbuvlcca/"; depth:14; endswith; http.host; content:"roundlab.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429277/; classtype:trojan-activity;sid:81292377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/preview/pxhux/"; depth:15; endswith; http.host; content:"labersa.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429276/; classtype:trojan-activity;sid:81292376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dz9mzaobu3/7950990_qobyabzjcdks_zone/close_warehouse/u45j7b_tz27733xt7/"; depth:72; endswith; http.host; content:"amagna.nl"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429275/; classtype:trojan-activity;sid:81292375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logs/balance/qvst9izw/"; depth:23; endswith; http.host; content:"www.purpleline.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429269/; classtype:trojan-activity;sid:81292369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/swift/knv9xclm0bc/lb7o11934777258318xjm7rilpofkagw4aon/"; depth:67; endswith; http.host; content:"wolfbird.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429268/; classtype:trojan-activity;sid:81292368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/multifunctional-zone/external-41165193-fy10yc0urd6xqhd/vk4k4get-qrmjgmkliw7mi6/"; depth:89; endswith; http.host; content:"zqfirst.top"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429267/; classtype:trojan-activity;sid:81292367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/938113_gvptnltjqcdyk_3343876_bw4o4o1tw/open_forum/41664920786964_tmv0a1oumeevv/"; depth:91; endswith; http.host; content:"homful.info"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429266/; classtype:trojan-activity;sid:81292366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"216.180.117.119"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429263/; classtype:trojan-activity;sid:81292363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"162.212.113.134"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429262/; classtype:trojan-activity;sid:81292362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/curha3g3/"; depth:19; endswith; http.host; content:"fanxiang.gq"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429260/; classtype:trojan-activity;sid:81292360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/bizxl/"; depth:19; endswith; http.host; content:"arcoirisventas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429257/; classtype:trojan-activity;sid:81292357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/printer/lm/j8kg264beg/v90949704544s0p1xv8llovwpz9ak/"; depth:53; endswith; http.host; content:"accordms.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429256/; classtype:trojan-activity;sid:81292356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0nvwqjq9jf_vniy39moh1anymj_array/external_xtf9oj_yxxuyw9se/db8d_x9351569u3x/"; depth:77; endswith; http.host; content:"acmegroup.com.bd"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429255/; classtype:trojan-activity;sid:81292355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/overview/aaq868/"; depth:20; endswith; http.host; content:"addvalue.co.jp"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429254/; classtype:trojan-activity;sid:81292354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/423160803-lbflwy9y3e-sector/p8h6w-o87dz3k9-wx9jemvoolbjdvt-x5gymr2q/kmqb6zjkhyv-bsxi3qp7zlp/"; depth:105; endswith; http.host; content:"adep-ms.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429252/; classtype:trojan-activity;sid:81292352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/sites/o7ismh/h87337372hueprdcsmr8n6/"; depth:44; endswith; http.host; content:"almasoman.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429251/; classtype:trojan-activity;sid:81292351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/gvxaebj/"; depth:16; endswith; http.host; content:"cadikazani.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429249/; classtype:trojan-activity;sid:81292349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blueline/kgp2todx-tv-49/"; depth:25; endswith; http.host; content:"www.jwiltshire.org.uk"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429248/; classtype:trojan-activity;sid:81292348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kate/3zi-zg-9860/"; depth:18; endswith; http.host; content:"meddaughs.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429247/; classtype:trojan-activity;sid:81292347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about-us/rikbrsw/"; depth:18; endswith; http.host; content:"aeeec.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429245/; classtype:trojan-activity;sid:81292345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carat/na-9i-3247/"; depth:18; endswith; http.host; content:"diamondsforlife.com.au"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429244/; classtype:trojan-activity;sid:81292344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/83-ik1-4850/"; depth:24; endswith; http.host; content:"riantex.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429243/; classtype:trojan-activity;sid:81292343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/rrwxo/"; depth:16; endswith; http.host; content:"www.hekahealth.org"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429241/; classtype:trojan-activity;sid:81292341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wpscripts/reoon2l-lp-801/"; depth:26; endswith; http.host; content:"aliancavisual.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429240/; classtype:trojan-activity;sid:81292340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/fryqpdpld/"; depth:20; endswith; http.host; content:"azraktours.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429239/; classtype:trojan-activity;sid:81292339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/multifunctional_module/guarded_space/omebe_v6z72wv0496x/"; depth:62; endswith; http.host; content:"aminwax.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429238/; classtype:trojan-activity;sid:81292338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup0/common-sector/268654-cizmfr418q8e-y43hmsxl-oupqh9efb/cjlby7p8d57hyaow-v263/"; depth:83; endswith; http.host; content:"ampletextech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429237/; classtype:trojan-activity;sid:81292337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/lm/mebw0qy/f0q6u8798007310705ubkg10nqrup/"; depth:54; endswith; http.host; content:"alphaomegasl.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429236/; classtype:trojan-activity;sid:81292336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"83.242.253.154"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429233/; classtype:trojan-activity;sid:81292333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/private-50659-pnutrung/close-area/tkjrrfzzloqm-6nzlm8kjyaeal/"; depth:70; endswith; http.host; content:"anisoph.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429232/; classtype:trojan-activity;sid:81292332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/open_section/additional_portal/1123059889362_72bvbol/"; depth:58; endswith; http.host; content:"argilasantana.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429230/; classtype:trojan-activity;sid:81292330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad/multifunctional_zone/external_cloud/rlllm5_gowaidohwv0u/"; depth:60; endswith; http.host; content:"asiandragoncoin.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429228/; classtype:trojan-activity;sid:81292328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdt/available-section/guarded-fuaxdpdxs-iprq/flru0ndapc-dj8z1d9jgwjk/"; depth:70; endswith; http.host; content:"azandam.co.uk"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429213/; classtype:trojan-activity;sid:81292313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manufacturerl/73260-rlumbuaxcwf-mhpv-hb9h4uxf/external-space/7175911-vfttcwb3yh/"; depth:81; endswith; http.host; content:"aqfsistemas.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429212/; classtype:trojan-activity;sid:81292312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/swift/92iaza11r/"; depth:20; endswith; http.host; content:"azanayoga.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429211/; classtype:trojan-activity;sid:81292311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/personal_vhn6xgoja_bgarvhmr/security_54741706_kwdyftzuklfol/223219951966_16pmvh9wg7/"; depth:92; endswith; http.host; content:"badkamermaker.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429210/; classtype:trojan-activity;sid:81292310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/oct/9y16gtinb/r787370127804t6q0xw62fgqgawa7/"; depth:53; endswith; http.host; content:"banahtv.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429209/; classtype:trojan-activity;sid:81292309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgs/x.exe"; depth:10; endswith; http.host; content:"sessionoftherainfloodingeverywherehighno.duckdns.org"; depth:52; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429208/; classtype:trojan-activity;sid:81292308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bgs/vbc.exe"; depth:12; endswith; http.host; content:"sessionoftherainfloodingeverywherehighno.duckdns.org"; depth:52; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429207/; classtype:trojan-activity;sid:81292307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/closed_array/guarded_fa9z40jy6si7mb_8on3mebqsw/89964905_vu2o8cc/"; depth:74; endswith; http.host; content:"bigventas.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429204/; classtype:trojan-activity;sid:81292304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/sites/"; depth:15; endswith; http.host; content:"bercpro.be"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429203/; classtype:trojan-activity;sid:81292303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_notes/dnhaafa5990986147397r8ex2y5o/"; depth:37; endswith; http.host; content:"bekape.co.id"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429202/; classtype:trojan-activity;sid:81292302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/report/bep11e11g/69262740539azkq88i/"; depth:44; endswith; http.host; content:"bimascale.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429201/; classtype:trojan-activity;sid:81292301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/parts_service/45s2sk6/cg995340337907210d51fsj488nfezs68p/"; depth:67; endswith; http.host; content:"biohumussol.ro"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429199/; classtype:trojan-activity;sid:81292299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old/inc/f9obb1/"; depth:16; endswith; http.host; content:"blackgold.mv"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429195/; classtype:trojan-activity;sid:81292295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navigator/balance/"; depth:19; endswith; http.host; content:"www.bs2000.home.pl"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429194/; classtype:trojan-activity;sid:81292294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/private-ikitfgp7xs-h6texmjmfx/additional-space/105335905-pk5nc1xqt7f8/"; depth:75; endswith; http.host; content:"care24hospital.in"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429193/; classtype:trojan-activity;sid:81292293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arabians_htm_files/etrac/r402254646145580325hvf2gtpyjmh0hmj50cnjqu/"; depth:68; endswith; http.host; content:"caballo.com.au"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429192/; classtype:trojan-activity;sid:81292292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/multifunctional-sector/g3vmhszkgb-5frzpzwqia-portal/2ypasrqt3h-ut0816v20t97y9/"; depth:83; endswith; http.host; content:"cafeponton.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429191/; classtype:trojan-activity;sid:81292291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db/61026048245644/e9ryrccjxl/"; depth:30; endswith; http.host; content:"casefunk.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429190/; classtype:trojan-activity;sid:81292290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/browse/"; depth:19; endswith; http.host; content:"cendoya.com.ar"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429189/; classtype:trojan-activity;sid:81292289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/payment/dmzy84fnnbr/"; depth:29; endswith; http.host; content:"childselect.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429188/; classtype:trojan-activity;sid:81292288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/982dyfyh/"; depth:22; endswith; http.host; content:"cleverpharma.es"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429187/; classtype:trojan-activity;sid:81292287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/private_disk/714867204_z2xrcmw7_portal/m1rlcal6y_cuzckfpusnxhg/"; depth:72; endswith; http.host; content:"cartorionotarial.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429186/; classtype:trojan-activity;sid:81292286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/personal_section/external_hjdc_5pgbndqa/68869682058477_pibcmgra/"; depth:71; endswith; http.host; content:"www.canopy.org"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429185/; classtype:trojan-activity;sid:81292285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"2.89.192.213"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429184/; classtype:trojan-activity;sid:81292284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video/payment/"; depth:15; endswith; http.host; content:"delikt100.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429183/; classtype:trojan-activity;sid:81292283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/3036080968083-bbgxw218-array/interior-ff4wfyx-1t9wm0qe7y9n/wzp8j-rs87mnrr71/"; depth:86; endswith; http.host; content:"dosman.pl"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429180/; classtype:trojan-activity;sid:81292280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/invoice/85dhhzk52/"; depth:28; endswith; http.host; content:"dbhmedicare.com.my"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429178/; classtype:trojan-activity;sid:81292278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/sk9tmwpqm22n31h_xcyxrpugkdd9ypcc_9632840898_zd3omux/individual_profile/6804991615_c7rjiji9d/"; depth:101; endswith; http.host; content:"delangen.nl"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429174/; classtype:trojan-activity;sid:81292274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/open_resource/ngqub_pdhakj09fh_space/329726980369_jye7zedbirlwv/"; depth:76; endswith; http.host; content:"stardealerportal.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429173/; classtype:trojan-activity;sid:81292273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nutricia/multifunctional_resource/verified_4440848469_kgjvmkg/244882_vcaplgg9/"; depth:79; endswith; http.host; content:"dendi.pl"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429172/; classtype:trojan-activity;sid:81292272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vra/uld/"; depth:9; endswith; http.host; content:"emediserv.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429170/; classtype:trojan-activity;sid:81292270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/internal/ys54480/"; depth:18; endswith; http.host; content:"expart.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429169/; classtype:trojan-activity;sid:81292269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron-nct/mmgmv/"; depth:16; endswith; http.host; content:"ecorideen.ncryptedprojects.com"; depth:30; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429167/; classtype:trojan-activity;sid:81292267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/i1ry8vv1xm8e9dj_zq5ocq0zevjas0hv_sector/tpz66c_w64_83www7hjv_jk9fn8h/jkmhk_39d2x6tw6gnf3s/"; depth:105; endswith; http.host; content:"diefreaks.net"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429165/; classtype:trojan-activity;sid:81292265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup/f36plkn0r/90c952807252655419y2tu612fnulvt9x/"; depth:52; endswith; http.host; content:"csngroup.donaus.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429164/; classtype:trojan-activity;sid:81292264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/b7nwa_2b_y/"; depth:23; endswith; http.host; content:"ergosnooze.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429163/; classtype:trojan-activity;sid:81292263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zg3lo_dsy_knb1n/"; depth:17; endswith; http.host; content:"ensanz.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429162/; classtype:trojan-activity;sid:81292262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/x7_k_qbuis80o/"; depth:18; endswith; http.host; content:"esdev.mumara.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429160/; classtype:trojan-activity;sid:81292260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/yxpv_xvhucojj8bw_sector/verifiable_992970_26wlgbitmghm3oy/gedm1c8zjo6remf_0s83109x4u/"; depth:94; endswith; http.host; content:"dizisezon.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429158/; classtype:trojan-activity;sid:81292258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/heynzd_9demj9cw8hlzqg_disk/individual_portal/xzb8vr_5n3igdeoviu/"; depth:71; endswith; http.host; content:"dlwebermanlaw.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429156/; classtype:trojan-activity;sid:81292256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old/closed_zone/interior_7kpjk5w_5h1vhf8b6z/5c0stqe1r_39844vx4yy/"; depth:66; endswith; http.host; content:"brinno.com.mx"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429154/; classtype:trojan-activity;sid:81292254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/2o3re9wi-a12jfjqctxtm6-box/verifiable-542174-oqdsca/j442-wx54w3uvv/"; depth:74; endswith; http.host; content:"www.kuppinger.eu"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429153/; classtype:trojan-activity;sid:81292253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.142.251.85"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429151/; classtype:trojan-activity;sid:81292251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/60801_okywkhdb0gwnghca_536682_0t86acn0a/guarded_forum/77948824432406_nnwf1w/"; depth:91; endswith; http.host; content:"eubanks7.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429150/; classtype:trojan-activity;sid:81292250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoppygee.exe"; depth:13; endswith; http.host; content:"coronaworldhealthorgainizationfilejob.duckdns.org"; depth:49; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429149/; classtype:trojan-activity;sid:81292249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ww12/jbaiikic-khehh37bi0-disk/close-oj9hxtu0o-odsv4tz28/kjshqdaogw7www-w0t3z0116/"; depth:82; endswith; http.host; content:"lochaistine.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429148/; classtype:trojan-activity;sid:81292248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/available-disk/zcxmdi-1qczh1x30wr1h88-area/097652655-aq90yx/"; depth:75; endswith; http.host; content:"inso.asia"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429145/; classtype:trojan-activity;sid:81292245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rams/r37708704100543uhqtfy0s5/"; depth:31; endswith; http.host; content:"inbsolutions.co.za"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429144/; classtype:trojan-activity;sid:81292244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/7682760365_gmbk93mlcliwl_951783912_m6jxhhk47kd/fn7lgny_xasypebyz_area/tdbuk1qkx_hwkr8g5n0d/"; depth:100; endswith; http.host; content:"dragonsknot.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429143/; classtype:trojan-activity;sid:81292243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/contact/paclm/"; depth:23; endswith; http.host; content:"www.industrialequip.net"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429142/; classtype:trojan-activity;sid:81292242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sx/chris_ilyvfva201.bin"; depth:24; endswith; http.host; content:"ploksyu.mywire.org"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429141/; classtype:trojan-activity;sid:81292241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin_nxmpbbo160.bin"; depth:19; endswith; http.host; content:"103.141.138.252"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429140/; classtype:trojan-activity;sid:81292240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/a/jayfile_lmwpoqiqld249.bin"; depth:47; endswith; http.host; content:"deporteshoy.com.ar"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429139/; classtype:trojan-activity;sid:81292239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/browse/hb6qproc8z/w8351312397333u7om4r2d4onp3ke/"; depth:49; endswith; http.host; content:"centralaviationsolutions.com"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429138/; classtype:trojan-activity;sid:81292238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/common-m6ff3co-czx4z8btwsw/close-warehouse/d81tew9er9-1nph7nrh3e30i7/"; depth:79; endswith; http.host; content:"www.estoyadieta.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429136/; classtype:trojan-activity;sid:81292236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.114.95.72"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429135/; classtype:trojan-activity;sid:81292235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.81.156.245"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429134/; classtype:trojan-activity;sid:81292234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.212.147"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429133/; classtype:trojan-activity;sid:81292233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.253.18.138"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429132/; classtype:trojan-activity;sid:81292232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.68.23.60"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429131/; classtype:trojan-activity;sid:81292231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.226.206"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429130/; classtype:trojan-activity;sid:81292230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.27.91.205"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429128/; classtype:trojan-activity;sid:81292228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.82.243.164"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429127/; classtype:trojan-activity;sid:81292227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.81.103.62"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429126/; classtype:trojan-activity;sid:81292226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.34.234.253"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429125/; classtype:trojan-activity;sid:81292225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.185.220"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429124/; classtype:trojan-activity;sid:81292224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.32.16"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429123/; classtype:trojan-activity;sid:81292223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.122.62.52"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429121/; classtype:trojan-activity;sid:81292221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.38.26.185"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429120/; classtype:trojan-activity;sid:81292220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.81.99.16"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429118/; classtype:trojan-activity;sid:81292218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.81.98.107"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429117/; classtype:trojan-activity;sid:81292217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.68.25.221"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429116/; classtype:trojan-activity;sid:81292216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.143.32.92"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429115/; classtype:trojan-activity;sid:81292215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.27.91.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429113/; classtype:trojan-activity;sid:81292213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.81.154.52"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429112/; classtype:trojan-activity;sid:81292212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"199.83.207.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429111/; classtype:trojan-activity;sid:81292211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.123.90.81"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429110/; classtype:trojan-activity;sid:81292210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"14.63.55.164"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429109/; classtype:trojan-activity;sid:81292209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.66.106.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429108/; classtype:trojan-activity;sid:81292208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.239.128.4"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429107/; classtype:trojan-activity;sid:81292207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/common_zone/open_cloud/6y4tyrrs_4xzw0wyw88xs0/"; depth:58; endswith; http.host; content:"focalaudiodesign.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429104/; classtype:trojan-activity;sid:81292204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/folder_lean_jun/docs/ndo9k7w22ufv/"; depth:35; endswith; http.host; content:"exithum.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429103/; classtype:trojan-activity;sid:81292203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mt-content/or3j7xiik_lqqymnga56ollbx_l9dmq74x_kmto284ekqlih3v/test_space/ifw3hui0yz_4dd2bkny2o/"; depth:96; endswith; http.host; content:"m3wealth.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429100/; classtype:trojan-activity;sid:81292200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/gotmls/images/parts_service/"; depth:48; endswith; http.host; content:"izaskunsaez.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429099/; classtype:trojan-activity;sid:81292199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jason/multifunctional-97411523418-ya2rtqrq5/guarded-xgseg7dr-pe1ddj5alqsesy/x36eas83-vxx334/"; depth:93; endswith; http.host; content:"markantes.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429096/; classtype:trojan-activity;sid:81292196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.241.169.31"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429093/; classtype:trojan-activity;sid:81292193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.162.179.75"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429092/; classtype:trojan-activity;sid:81292192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.243.19.227"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429091/; classtype:trojan-activity;sid:81292191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdr/docs/bjcnn87pc2z6/"; depth:23; endswith; http.host; content:"kyric.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429087/; classtype:trojan-activity;sid:81292187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.19.250.18"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429085/; classtype:trojan-activity;sid:81292185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.68.187.51"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429084/; classtype:trojan-activity;sid:81292184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.143.32.59"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429083/; classtype:trojan-activity;sid:81292183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.116.69.166"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429082/; classtype:trojan-activity;sid:81292182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"91.234.60.94"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429079/; classtype:trojan-activity;sid:81292179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"41.86.21.8"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429077/; classtype:trojan-activity;sid:81292177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.33.129.188"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429076/; classtype:trojan-activity;sid:81292176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.32.110.154"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429075/; classtype:trojan-activity;sid:81292175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.107.9.250"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429074/; classtype:trojan-activity;sid:81292174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.107.28.42"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429073/; classtype:trojan-activity;sid:81292173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.173.200"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429071/; classtype:trojan-activity;sid:81292171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.64.3"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429069/; classtype:trojan-activity;sid:81292169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.45.28"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429068/; classtype:trojan-activity;sid:81292168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.90.137.156"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429067/; classtype:trojan-activity;sid:81292167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pi2009153.7z"; depth:13; endswith; http.host; content:"bokuraga-yell.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429064/; classtype:trojan-activity;sid:81292164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429062/; classtype:trojan-activity;sid:81292162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/documentation/"; depth:26; endswith; http.host; content:"mx2interests.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429061/; classtype:trojan-activity;sid:81292161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.166.50"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429060/; classtype:trojan-activity;sid:81292160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.38.26.189"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429059/; classtype:trojan-activity;sid:81292159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.38.26.173"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429058/; classtype:trojan-activity;sid:81292158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/zxkyuhk/"; depth:14; endswith; http.host; content:"binardesign.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429057/; classtype:trojan-activity;sid:81292157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homepage/isfsq/"; depth:16; endswith; http.host; content:"coinich.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429056/; classtype:trojan-activity;sid:81292156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"1.246.223.148"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429055/; classtype:trojan-activity;sid:81292155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"1.246.223.119"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429054/; classtype:trojan-activity;sid:81292154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/u8kcod0z/"; depth:21; endswith; http.host; content:"mx2interests.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429053/; classtype:trojan-activity;sid:81292153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sathorncondos.com/n6dwb36edu55270418/"; depth:38; endswith; http.host; content:"sukhumvithomes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429050/; classtype:trojan-activity;sid:81292150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/hotvnj/"; depth:15; endswith; http.host; content:"stoutarc.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429048/; classtype:trojan-activity;sid:81292148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botones/sites/"; depth:15; endswith; http.host; content:"mqlibros.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429047/; classtype:trojan-activity;sid:81292147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ksahb732874/"; depth:22; endswith; http.host; content:"lead2019.tk"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429045/; classtype:trojan-activity;sid:81292145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yamanami/rubzr3/"; depth:17; endswith; http.host; content:"suenaga.jp"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429044/; classtype:trojan-activity;sid:81292144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.spc"; depth:8; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429041/; classtype:trojan-activity;sid:81292141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i686"; depth:9; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429040/; classtype:trojan-activity;sid:81292140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i586"; depth:9; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429039/; classtype:trojan-activity;sid:81292139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429038/; classtype:trojan-activity;sid:81292138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429037/; classtype:trojan-activity;sid:81292137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429036/; classtype:trojan-activity;sid:81292136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm6"; depth:9; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429035/; classtype:trojan-activity;sid:81292135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429034/; classtype:trojan-activity;sid:81292134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429032/; classtype:trojan-activity;sid:81292132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429031/; classtype:trojan-activity;sid:81292131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; http.host; content:"193.228.91.110"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429030/; classtype:trojan-activity;sid:81292130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/1w_e3f_4ftsf/"; depth:24; endswith; http.host; content:"xiangxiinfo.ac.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429028/; classtype:trojan-activity;sid:81292128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/f6q_kn_tqwx/"; depth:21; endswith; http.host; content:"lidoraggiodisole.it"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429026/; classtype:trojan-activity;sid:81292126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/bxe9u_i_n3y/"; depth:20; endswith; http.host; content:"halesplumbing.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429024/; classtype:trojan-activity;sid:81292124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/available_module/guarded_warehouse/45986600242432_kca3xvfmo/"; depth:69; endswith; http.host; content:"artaan.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429021/; classtype:trojan-activity;sid:81292121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.154.41.27"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429019/; classtype:trojan-activity;sid:81292119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.32.203.122"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429017/; classtype:trojan-activity;sid:81292117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.248.192.233"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429016/; classtype:trojan-activity;sid:81292116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.240.127"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429014/; classtype:trojan-activity;sid:81292114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.122.26.148"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429010/; classtype:trojan-activity;sid:81292110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.161.14.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429009/; classtype:trojan-activity;sid:81292109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.243.127.250"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429008/; classtype:trojan-activity;sid:81292108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.115.201.197"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429006/; classtype:trojan-activity;sid:81292106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.121.85.244"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429004/; classtype:trojan-activity;sid:81292104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.95.227.119"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429003/; classtype:trojan-activity;sid:81292103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.37"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429002/; classtype:trojan-activity;sid:81292102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.223.48.158"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429001/; classtype:trojan-activity;sid:81292101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.93.157.244"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428999/; classtype:trojan-activity;sid:81292099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.238.112.93"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428998/; classtype:trojan-activity;sid:81292098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.52.100.239"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428997/; classtype:trojan-activity;sid:81292097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"110.18.194.228"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428996/; classtype:trojan-activity;sid:81292096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.208.195.79"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428994/; classtype:trojan-activity;sid:81292094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/worksdoc/svchost.exe"; depth:21; endswith; http.host; content:"workfinestdyanotherrainbowlomoyent28grq.duckdns.org"; depth:51; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428993/; classtype:trojan-activity;sid:81292093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win32.exe"; depth:10; endswith; http.host; content:"requestforglasswarrantycertificateandlee.duckdns.org"; depth:52; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428992/; classtype:trojan-activity;sid:81292092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/b/fittingness.txt"; depth:37; endswith; http.host; content:"deporteshoy.com.ar"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428991/; classtype:trojan-activity;sid:81292091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/owininilogs.jpeg"; depth:19; endswith; http.host; content:"buyuniqueitem.in"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428990/; classtype:trojan-activity;sid:81292090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc/tinz_tbyslyy36.bin"; depth:22; endswith; http.host; content:"sknews.ddnsfree.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428985/; classtype:trojan-activity;sid:81292085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb/alix_xakuoptf33.bin"; depth:23; endswith; http.host; content:"bkbrske.gleeze.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428983/; classtype:trojan-activity;sid:81292083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vc/oshoox_goqubn178.bin"; depth:24; endswith; http.host; content:"sknews.ddnsfree.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428982/; classtype:trojan-activity;sid:81292082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb/arikk_qlxbvgphw49.bin"; depth:25; endswith; http.host; content:"bkbrske.gleeze.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428980/; classtype:trojan-activity;sid:81292080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ucexport=download|7c|26|7c|id=1fohrbmrt2t4-s9oquuhd2c8twslc5r8c"; depth:64; endswith; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428979/; classtype:trojan-activity;sid:81292079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin_ackdzuecun5.bin"; depth:20; endswith; http.host; content:"89.249.67.11"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428978/; classtype:trojan-activity;sid:81292078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/frankp%20new%20origin_dqgtsgtwz138.bin"; depth:48; endswith; http.host; content:"smarting.rs"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428977/; classtype:trojan-activity;sid:81292077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mainn/host_yqygjh74.bin"; depth:24; endswith; http.host; content:"learn.w3technologiz.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428976/; classtype:trojan-activity;sid:81292076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backk/host_yqygjh74.bin"; depth:24; endswith; http.host; content:"learn.w3technologiz.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428975/; classtype:trojan-activity;sid:81292075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/invoice/"; depth:13; endswith; http.host; content:"ercey.com.tr"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428972/; classtype:trojan-activity;sid:81292072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/open-module/external-portal/873fiybzu-rqp6818va86/"; depth:58; endswith; http.host; content:"drakensykh.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428970/; classtype:trojan-activity;sid:81292070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"68.151.244.128"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428969/; classtype:trojan-activity;sid:81292069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.174.143"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428968/; classtype:trojan-activity;sid:81292068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.116.215.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428964/; classtype:trojan-activity;sid:81292064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl"; depth:36; endswith; http.host; content:"185.172.110.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428961/; classtype:trojan-activity;sid:81292061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/library/4050144136_8gfwb83ruuls_25515593738_seu2odbr/external_profile/kcsyogxc8_951y0z96z859uw/"; depth:96; endswith; http.host; content:"www.naayers.org"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428944/; classtype:trojan-activity;sid:81292044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/protected-disk/guarded-forum/gruepf98d4wq-sw3642u8vttws/"; depth:68; endswith; http.host; content:"multi-medical.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428943/; classtype:trojan-activity;sid:81292043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.230.175.10"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428942/; classtype:trojan-activity;sid:81292042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.118.121.22"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428941/; classtype:trojan-activity;sid:81292041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"87.253.16.119"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428936/; classtype:trojan-activity;sid:81292036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.111.47.40"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/428935/; classtype:trojan-activity;sid:81292035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/doc/pz8erjly/gc0y44176765446824815hh5a2sytwlpvnqbjkr/"; depth:63; endswith; http.host; content:"nosolodeejays.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428931/; classtype:trojan-activity;sid:81292031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/common-array/close-area/qjk5azrido0m-ilfrgbunrfp0m/"; depth:60; endswith; http.host; content:"nagevicius.lt"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428930/; classtype:trojan-activity;sid:81292030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xxx0xxxasdajshdsajhkgdja/m3th.arm"; depth:35; endswith; http.host; content:"185.172.110.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428929/; classtype:trojan-activity;sid:81292029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/report/"; depth:17; endswith; http.host; content:"nsede.nl"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428928/; classtype:trojan-activity;sid:81292028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/closed_tpc2xjdr7wg32_2jby822im9m/ioyncf_m50cmlmqizh6_forum/2942338_2lazitehcor/"; depth:86; endswith; http.host; content:"www.novaes.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428927/; classtype:trojan-activity;sid:81292027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/services/yuct20/"; depth:17; endswith; http.host; content:"agentsdirect.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428926/; classtype:trojan-activity;sid:81292026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/private-box/open-space/gcoc0108qeq3flm-w6w5z55933y/"; depth:59; endswith; http.host; content:"www.syowakogyo.co.jp"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428925/; classtype:trojan-activity;sid:81292025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/promocao/open_disk/close_forum/30073717_convc19wo/"; depth:51; endswith; http.host; content:"planartgrafica.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428924/; classtype:trojan-activity;sid:81292024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/promocao/file/dmu8lb02/"; depth:24; endswith; http.host; content:"paisefilhossm.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428923/; classtype:trojan-activity;sid:81292023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dos/personal_disk/close_e0wdm79exhxr77y_4e3hssck9e/xwfqktgsbcmd_woimekiiomtiq/"; depth:79; endswith; http.host; content:"proyectoin.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428922/; classtype:trojan-activity;sid:81292022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/certificates/qzafeeik/"; depth:35; endswith; http.host; content:"www.trustlancers.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428921/; classtype:trojan-activity;sid:81292021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/config/mkgspn/"; depth:15; endswith; http.host; content:"focus123.mycpanel.rs"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428920/; classtype:trojan-activity;sid:81292020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/zirl02193/"; depth:20; endswith; http.host; content:"ipolymer.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428919/; classtype:trojan-activity;sid:81292019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/f9jp11mf09787216/"; depth:29; endswith; http.host; content:"kalulu.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428918/; classtype:trojan-activity;sid:81292018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/2wz1ptfqjd268175627/"; depth:33; endswith; http.host; content:"vmkvi.ga"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428917/; classtype:trojan-activity;sid:81292017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s77d05mj140/invoice/gz7sn2qe6/"; depth:31; endswith; http.host; content:"probound.com.au"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428916/; classtype:trojan-activity;sid:81292016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/bgs_bpijrowo4143s2x_9adi_f4kk8/guarded_profile/8314217731822_7dmgpe/"; depth:80; endswith; http.host; content:"realistickeportrety.sk"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428915/; classtype:trojan-activity;sid:81292015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ld/llc/8p1508b4/rcbxt3o3012561070594428gkgz60z55q9ip/"; depth:54; endswith; http.host; content:"solarisenergy.biz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428914/; classtype:trojan-activity;sid:81292014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/llc/"; depth:17; endswith; http.host; content:"rassow.de"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428913/; classtype:trojan-activity;sid:81292013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/d9ichilg_oxjvczefwkz3_disk/verifiable_profile/r1tqpew_kbk3ibzsxe/"; depth:80; endswith; http.host; content:"rnetwork.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428912/; classtype:trojan-activity;sid:81292012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/scan/"; depth:14; endswith; http.host; content:"web-extend.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428911/; classtype:trojan-activity;sid:81292011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/zo543697/"; depth:16; endswith; http.host; content:"idilsoft.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428910/; classtype:trojan-activity;sid:81292010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/f4cg47107/"; depth:18; endswith; http.host; content:"www.gothamsoccer.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428909/; classtype:trojan-activity;sid:81292009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/bjmp5490/"; depth:13; endswith; http.host; content:"www.visu-all.ch"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428908/; classtype:trojan-activity;sid:81292008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adsl/aj55/"; depth:11; endswith; http.host; content:"ikari24.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428907/; classtype:trojan-activity;sid:81292007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abouts/g56g/"; depth:13; endswith; http.host; content:"hawkinshomes.net"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428906/; classtype:trojan-activity;sid:81292006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kanbanemacao/ozacquqhs8rbdv/zimsk826y/"; depth:39; endswith; http.host; content:"rodrigozambon.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428905/; classtype:trojan-activity;sid:81292005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca/al4_9dxus_dj5wer6/"; depth:22; endswith; http.host; content:"arkamedia.pl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428904/; classtype:trojan-activity;sid:81292004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ancjr/0_v7mg_67py692cs/"; depth:24; endswith; http.host; content:"blog.funarbe.org.br"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428903/; classtype:trojan-activity;sid:81292003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/pkhqz_z6_5rlkm/"; depth:25; endswith; http.host; content:"csmbuildersllc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428902/; classtype:trojan-activity;sid:81292002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/1wk_4_u6/"; depth:19; endswith; http.host; content:"jesstalk.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428901/; classtype:trojan-activity;sid:81292001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crm/52p1_drac_sc9/"; depth:19; endswith; http.host; content:"justinkongyt.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428900/; classtype:trojan-activity;sid:81292000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image/private-module/close-profile/qey9knyei-7xww5x547/"; depth:56; endswith; http.host; content:"clutchinc.net"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428899/; classtype:trojan-activity;sid:81291999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intranet/k8rsfi3w/"; depth:19; endswith; http.host; content:"imputre.cl"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428898/; classtype:trojan-activity;sid:81291998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adminpanel/available_67388435_xaoch/333809827248_cuj7xtrl_area/a9vyh1n7_5yw3x131vuy0/"; depth:86; endswith; http.host; content:"kottonhood.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428897/; classtype:trojan-activity;sid:81291997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accounts/common_27542968008_e4bkawco/verifiable_782922448_l8ajirnl2/rqbboawsxa_8tngcd9mryz1/"; depth:93; endswith; http.host; content:"pgwebhost.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428896/; classtype:trojan-activity;sid:81291996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/statement/au86aq/y0rou979831170823682rsn9yfngdxudq4g8pi/"; depth:65; endswith; http.host; content:"martialarts.com.my"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428895/; classtype:trojan-activity;sid:81291995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anna/571796010191_gxyia_box/una34f2_jseknxdoo_forum/cebz9qn_i1fl2mga1vuix/"; depth:75; endswith; http.host; content:"powerfrog.net"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428894/; classtype:trojan-activity;sid:81291994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"118.163.239.212"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428893/; classtype:trojan-activity;sid:81291993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phyllis/attachments/mw7a71/"; depth:28; endswith; http.host; content:"salas.co.uk"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428892/; classtype:trojan-activity;sid:81291992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resumen-uso-inodos/personal-disk/close-area/niotvk4irg-xk7h43l0ig/"; depth:67; endswith; http.host; content:"rukanet.cl"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428891/; classtype:trojan-activity;sid:81291991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/kgg77jyms71/egv1961065897944177sid0lbzdqe1k8/"; depth:56; endswith; http.host; content:"ashleyrich.me.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428890/; classtype:trojan-activity;sid:81291990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/reporting/urnfkkuc5/84nnboi6270677289250466xmt9f96ap8tx7vrt14/"; depth:74; endswith; http.host; content:"jszzbedu.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428889/; classtype:trojan-activity;sid:81291989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ynwpf/docs/"; depth:12; endswith; http.host; content:"riyazsahaab.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428888/; classtype:trojan-activity;sid:81291988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system/open-57535429671-0vpfw/close-71234054-0gnauc/bz2-uvut392xxs8v/"; depth:70; endswith; http.host; content:"fredericportier.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428887/; classtype:trojan-activity;sid:81291987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tempimages/inc/8gsi3agfd/7c2810959043341ipjww6ove2sad12oy/"; depth:59; endswith; http.host; content:"gelatoboutique.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428886/; classtype:trojan-activity;sid:81291986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beheer/private_section/test_cloud/989236811678_dbkiugmlqcv4/"; depth:61; endswith; http.host; content:"hendriks-it.nl"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428883/; classtype:trojan-activity;sid:81291983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/browse/"; depth:16; endswith; http.host; content:"bramaza.nl"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428882/; classtype:trojan-activity;sid:81291982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/closed-sector/open-cloud/6072119893592-lrqyhig/"; depth:59; endswith; http.host; content:"lillys.nl"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428881/; classtype:trojan-activity;sid:81291981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/overview/"; depth:14; endswith; http.host; content:"tanveerkhaira.org"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428880/; classtype:trojan-activity;sid:81291980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loveclarification.info/personal_box/71axzadb_vprbetiuj_space/88mdbgv7k5ac_om99xbt5hthg23/"; depth:90; endswith; http.host; content:"tadur.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428879/; classtype:trojan-activity;sid:81291979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erros/public/i41i2gr410013540437scbf3j1z20h24ib/"; depth:49; endswith; http.host; content:"tecnoservicebrasil.com.br"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428878/; classtype:trojan-activity;sid:81291978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmirtim/invoice-30049798728276548687687638763897872/zip/master"; depth:64; endswith; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428877/; classtype:trojan-activity;sid:81291977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/8c9d-fsqippbnba2m4-array/corporate-profile/26626926887-pahh7q4l1x5a/"; depth:77; endswith; http.host; content:"tonique.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428876/; classtype:trojan-activity;sid:81291976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newfolde_r/swift/"; depth:18; endswith; http.host; content:"timzone.net"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428875/; classtype:trojan-activity;sid:81291975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/personal_array/external_profile/et6_tv4218/"; depth:53; endswith; http.host; content:"griyait.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428874/; classtype:trojan-activity;sid:81291974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/hd722bzyx70/"; depth:27; endswith; http.host; content:"welcomehouse.ca"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428873/; classtype:trojan-activity;sid:81291973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.179.201"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428872/; classtype:trojan-activity;sid:81291972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.125"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428871/; classtype:trojan-activity;sid:81291971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.50.87"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428870/; classtype:trojan-activity;sid:81291970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.221.220.2"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428869/; classtype:trojan-activity;sid:81291969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.185.193.48"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428868/; classtype:trojan-activity;sid:81291968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats-json/invoice/wr32ce5/"; depth:28; endswith; http.host; content:"albazai.com.sa"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428867/; classtype:trojan-activity;sid:81291967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/yn1935885563705577regtzs8jyt/"; depth:41; endswith; http.host; content:"damix.com.pl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428866/; classtype:trojan-activity;sid:81291966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; http.host; content:"185.92.223.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428865/; classtype:trojan-activity;sid:81291965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; http.host; content:"185.92.223.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428864/; classtype:trojan-activity;sid:81291964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; http.host; content:"185.92.223.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428863/; classtype:trojan-activity;sid:81291963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_r/protected-box/test-forum/botk44hrnsd-lngy90mv46kjv/"; depth:55; endswith; http.host; content:"cricketodds.in"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428862/; classtype:trojan-activity;sid:81291962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; http.host; content:"185.92.223.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428861/; classtype:trojan-activity;sid:81291961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; http.host; content:"185.92.223.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428860/; classtype:trojan-activity;sid:81291960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; http.host; content:"185.92.223.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428859/; classtype:trojan-activity;sid:81291959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/interior/overview/"; depth:19; endswith; http.host; content:"artisan.com.sa"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428858/; classtype:trojan-activity;sid:81291958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quotation2.exe"; depth:15; endswith; http.host; content:"brandotoday.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428857/; classtype:trojan-activity;sid:81291957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erros/kktp3o8n_f0153augs487_sector/guarded_portal/ioobrybdi22zy0t_x1s5/"; depth:72; endswith; http.host; content:"popprint.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428856/; classtype:trojan-activity;sid:81291956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/urmuzwoun/"; depth:16; endswith; http.host; content:"steil.ca"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428855/; classtype:trojan-activity;sid:81291955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/private_section/individual_cloud/996891048_jppkbpl9/"; depth:64; endswith; http.host; content:"pioneerrealtycapital.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428854/; classtype:trojan-activity;sid:81291954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/provisorio/docs/mq57mhq07gy/"; depth:29; endswith; http.host; content:"www.actacomunicacao.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428853/; classtype:trojan-activity;sid:81291953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/generall/file/6h4j6p/"; depth:22; endswith; http.host; content:"wordpress.blog.tylerhalstead.com"; depth:32; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428852/; classtype:trojan-activity;sid:81291952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats-json/invoice/wr32ce5/"; depth:28; endswith; http.host; content:"albazai.com.sa"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428849/; classtype:trojan-activity;sid:81291949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ms/43zbd-t76-362/"; depth:18; endswith; http.host; content:"niku-q.co.jp"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428848/; classtype:trojan-activity;sid:81291948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/zhaxtdwqk/"; depth:23; endswith; http.host; content:"wjcomms.co.uk"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428847/; classtype:trojan-activity;sid:81291947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_0ld/uvor1c_rc5tkhqsxfsukx_dj_e0v2epitz8jwgi35/individual_182838094691_p3ibmvfsoxdaqg/elj_zzy3tv556/"; depth:101; endswith; http.host; content:"udon.com.br"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428846/; classtype:trojan-activity;sid:81291946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdzmomciu/111111.png"; depth:21; endswith; http.host; content:"kpisolutions.net"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428845/; classtype:trojan-activity;sid:81291945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/payment/8iw6d263245334559dxscciyujunj/"; depth:47; endswith; http.host; content:"www.asadedektor.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428844/; classtype:trojan-activity;sid:81291944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqyyn/docs/c94c1ldny/"; depth:22; endswith; http.host; content:"puzzlez.co"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428843/; classtype:trojan-activity;sid:81291943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/overview/"; depth:19; endswith; http.host; content:"ypvps.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428842/; classtype:trojan-activity;sid:81291942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extra-varnish/open_sector/special_portal/ff4adbz_yjnhqg75bsi8/"; depth:63; endswith; http.host; content:"cartografialeai.iibi.unam.mx"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428841/; classtype:trojan-activity;sid:81291941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/protected_disk/547371_eagdspb4n_area/qunl35_bhlk9r6rkmm/"; depth:64; endswith; http.host; content:"www.educationtak.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428840/; classtype:trojan-activity;sid:81291940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wlvuoejtsn/8888888.png"; depth:23; endswith; http.host; content:"peachlotus.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428839/; classtype:trojan-activity;sid:81291939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/csviaontpuaa/8888888.png"; depth:25; endswith; http.host; content:"e-giftcardmall.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428838/; classtype:trojan-activity;sid:81291938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlbefonyjw/8888888.png"; depth:23; endswith; http.host; content:"languagearts.institute"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428837/; classtype:trojan-activity;sid:81291937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbuapmdxz/8888888.png"; depth:22; endswith; http.host; content:"apsclothing.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428836/; classtype:trojan-activity;sid:81291936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mwykjfl/8888888.png"; depth:20; endswith; http.host; content:"coach4u.com.au"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428835/; classtype:trojan-activity;sid:81291935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yejkjuwh/8888888.png"; depth:21; endswith; http.host; content:"adept-partners.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428834/; classtype:trojan-activity;sid:81291934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/te_xavm_box/external_profile/1o12g_wuw9wz/"; depth:54; endswith; http.host; content:"olmaa.info"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428833/; classtype:trojan-activity;sid:81291933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site_antigo/attachments/"; depth:25; endswith; http.host; content:"labaremn.ufba.br"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428832/; classtype:trojan-activity;sid:81291932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fgtvmolzbv/111111.png"; depth:22; endswith; http.host; content:"fgyapim.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428830/; classtype:trojan-activity;sid:81291930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ekzjzoqo/1111.png"; depth:18; endswith; http.host; content:"auto-boot-like.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428829/; classtype:trojan-activity;sid:81291929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sfuwip/111111.png"; depth:18; endswith; http.host; content:"atomic-soft.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428828/; classtype:trojan-activity;sid:81291928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgxielmhgiws/11111.png"; depth:23; endswith; http.host; content:"salamatbanoo.ir"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428827/; classtype:trojan-activity;sid:81291927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qi5hynkyla/18275558/5k3ruwgzv6/"; depth:32; endswith; http.host; content:"krayker.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428826/; classtype:trojan-activity;sid:81291926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eguwt/11111.png"; depth:16; endswith; http.host; content:"www.xinwenlook.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428825/; classtype:trojan-activity;sid:81291925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oldsite/rchq-9g-7182/"; depth:22; endswith; http.host; content:"nickjehlen.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428824/; classtype:trojan-activity;sid:81291924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/l5nlu9hohls2/"; depth:30; endswith; http.host; content:"quarksolutions.in"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428823/; classtype:trojan-activity;sid:81291923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ijek/multifunctional_resource/interior_profile/6d2dzxc_sqg3cudllizc7/"; depth:70; endswith; http.host; content:"foston.qc-care.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428822/; classtype:trojan-activity;sid:81291922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/common_1suybnhgg_pe6ktacsemul8977/security_profile/ti6aru5ygj_kgnek49vn/"; depth:84; endswith; http.host; content:"www.782198.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428821/; classtype:trojan-activity;sid:81291921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp2pp/report/f78hmk6u3sq9/"; depth:27; endswith; http.host; content:"crmdevelopments.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428820/; classtype:trojan-activity;sid:81291920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w58/multifunctional_section/53284147371_9ouhevlp79pqghz_area/5gm_18yzw24s/"; depth:75; endswith; http.host; content:"cryptos-paradise.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428819/; classtype:trojan-activity;sid:81291919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wqa0hhqk1b394/"; depth:24; endswith; http.host; content:"leeannmariephotography.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428818/; classtype:trojan-activity;sid:81291918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/jinppxzg5770518/"; depth:21; endswith; http.host; content:"vincebalk.nl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428817/; classtype:trojan-activity;sid:81291917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check-in/brea/"; depth:15; endswith; http.host; content:"lemosoutdoor.com.br"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428816/; classtype:trojan-activity;sid:81291916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/twjxgqin/"; depth:19; endswith; http.host; content:"ustaburda.net"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428815/; classtype:trojan-activity;sid:81291915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qstk/"; depth:6; endswith; http.host; content:"krabitourtransfer.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428814/; classtype:trojan-activity;sid:81291914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fmkmz/uhqjk8rsfi3w/"; depth:20; endswith; http.host; content:"vereadorgilbertomelo.com.br"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428813/; classtype:trojan-activity;sid:81291913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morgans/dq/"; depth:12; endswith; http.host; content:"interwebr.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428812/; classtype:trojan-activity;sid:81291912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/dplyvud/"; depth:12; endswith; http.host; content:"esrmotors.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428811/; classtype:trojan-activity;sid:81291911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/uy/"; depth:16; endswith; http.host; content:"www.boekjereis.net"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428810/; classtype:trojan-activity;sid:81291910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/signaturepics.73ca/fr238/"; depth:26; endswith; http.host; content:"plasticindustries.net"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428809/; classtype:trojan-activity;sid:81291909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ke11/"; depth:14; endswith; http.host; content:"imwebpros.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428808/; classtype:trojan-activity;sid:81291908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phpmyadminold/config/ddmwetkwa/"; depth:32; endswith; http.host; content:"pomerenke.de"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428807/; classtype:trojan-activity;sid:81291907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/na9-dz86-5951/"; depth:23; endswith; http.host; content:"trappie.nl"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428806/; classtype:trojan-activity;sid:81291906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phone/nc-emxv-402/"; depth:19; endswith; http.host; content:"paulmercier.biz"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428805/; classtype:trojan-activity;sid:81291905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jubcw/pdwd/"; depth:12; endswith; http.host; content:"just-astrology.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428804/; classtype:trojan-activity;sid:81291904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/8fvcr5l0-eon2-83/"; depth:29; endswith; http.host; content:"crimecheckghana.org"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428803/; classtype:trojan-activity;sid:81291903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/completion/epcb-ily9r-86321/"; depth:29; endswith; http.host; content:"cefopec.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428802/; classtype:trojan-activity;sid:81291902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hqzfg/z_ya_xkjx5/"; depth:18; endswith; http.host; content:"slimgenemd.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428801/; classtype:trojan-activity;sid:81291901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/fotes_4l_enxguwo/"; depth:26; endswith; http.host; content:"onyourleftracing.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428800/; classtype:trojan-activity;sid:81291900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/aidu_9c8_rrlp/"; depth:27; endswith; http.host; content:"kinotheque.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428799/; classtype:trojan-activity;sid:81291899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/9yxsy_nq02_x2tv/"; depth:25; endswith; http.host; content:"kachetemarketing.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428798/; classtype:trojan-activity;sid:81291898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/rm1q_q6x4_l5/"; depth:25; endswith; http.host; content:"iraniansk.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428797/; classtype:trojan-activity;sid:81291897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/inc/kp19w2w1fjb/"; depth:24; endswith; http.host; content:"expresstv.ma"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428796/; classtype:trojan-activity;sid:81291896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/ulg55n-sul3i2bvdx-disk/test-forum/ztg1m7esxn-sys585z84u/"; depth:62; endswith; http.host; content:"omegaconsultoriacontabil.com.br"; depth:31; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428795/; classtype:trojan-activity;sid:81291895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/o7aongkh4tx9til-3o9tgh1-zone/guarded-warehouse/jye1kem5ks-xy0x0901/"; depth:80; endswith; http.host; content:"hebasharkas.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428794/; classtype:trojan-activity;sid:81291894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hxdwftmko/personal-resource/interior-space/7084019-cckvtb1aou/"; depth:63; endswith; http.host; content:"paroquiasirmas.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428793/; classtype:trojan-activity;sid:81291893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmecw/334680/"; depth:14; endswith; http.host; content:"tpl-hose.ir"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428792/; classtype:trojan-activity;sid:81291892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/open-box/special-portal/1wbu-1svs9/"; depth:47; endswith; http.host; content:"ymgggp.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428791/; classtype:trojan-activity;sid:81291891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats-json/invoice/wr32ce5/"; depth:28; endswith; http.host; content:"www.albazai.com.sa"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428790/; classtype:trojan-activity;sid:81291890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/craigslist/inc/"; depth:16; endswith; http.host; content:"dougsuniverse.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428789/; classtype:trojan-activity;sid:81291889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twjaf/document/zs9iud68m1k/"; depth:28; endswith; http.host; content:"shopceiling.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428788/; classtype:trojan-activity;sid:81291888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zprxd/fvc3l_igqc9lrt0usos_bh9w3g0m_9bavzk0h/test_forum/04200493768_kaetzdlm/"; depth:77; endswith; http.host; content:"demo.boxinn.lt"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428787/; classtype:trojan-activity;sid:81291887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nry2na/document/ygio6vc2775117074rebmz1s5dya7z8lde6/"; depth:53; endswith; http.host; content:"boxinn.lt"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428786/; classtype:trojan-activity;sid:81291886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/multifunctional_resource/65100073326_jwxenzjy_forum/71l2ewpzm4lssu_6wxtt/"; depth:82; endswith; http.host; content:"felicienne.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428785/; classtype:trojan-activity;sid:81291885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/closed_array/verifiable_7628482_g3czsmsb5zdx5/70877287274_on1iiuit/"; depth:77; endswith; http.host; content:"banglagolpo.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428784/; classtype:trojan-activity;sid:81291884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/multifunctional_zone/test_cloud/338222_ey5fnvesbvxhcg/"; depth:66; endswith; http.host; content:"linkintec.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428783/; classtype:trojan-activity;sid:81291883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/documentation/"; depth:23; endswith; http.host; content:"octaitsolutions.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428782/; classtype:trojan-activity;sid:81291882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/luhsuklh37_lu3drwhsa8lqh_disk/open_46634167_akqlurn/4sabsj7sj_1cllyhxcrdh39/"; depth:86; endswith; http.host; content:"bgbg.us"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428781/; classtype:trojan-activity;sid:81291881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/y0795136367806rpoirwuxeggok2x5/"; depth:43; endswith; http.host; content:"www.bowimi.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428780/; classtype:trojan-activity;sid:81291880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/multifunctional-resource/additional-cloud/gi4brkl-j4c6n2elj99u/"; depth:75; endswith; http.host; content:"ahallya.in"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428779/; classtype:trojan-activity;sid:81291879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/payment/"; depth:15; endswith; http.host; content:"thereceptionathens.eu"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428778/; classtype:trojan-activity;sid:81291878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428777/; classtype:trojan-activity;sid:81291877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428776/; classtype:trojan-activity;sid:81291876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428775/; classtype:trojan-activity;sid:81291875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428774/; classtype:trojan-activity;sid:81291874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428773/; classtype:trojan-activity;sid:81291873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428772/; classtype:trojan-activity;sid:81291872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428771/; classtype:trojan-activity;sid:81291871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428770/; classtype:trojan-activity;sid:81291870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428769/; classtype:trojan-activity;sid:81291869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428768/; classtype:trojan-activity;sid:81291868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428767/; classtype:trojan-activity;sid:81291867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428766/; classtype:trojan-activity;sid:81291866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428765/; classtype:trojan-activity;sid:81291865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428764/; classtype:trojan-activity;sid:81291864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428763/; classtype:trojan-activity;sid:81291863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428762/; classtype:trojan-activity;sid:81291862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428761/; classtype:trojan-activity;sid:81291861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"vq22znt.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428760/; classtype:trojan-activity;sid:81291860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428759/; classtype:trojan-activity;sid:81291859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428758/; classtype:trojan-activity;sid:81291858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428757/; classtype:trojan-activity;sid:81291857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428756/; classtype:trojan-activity;sid:81291856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428755/; classtype:trojan-activity;sid:81291855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428754/; classtype:trojan-activity;sid:81291854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428753/; classtype:trojan-activity;sid:81291853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428752/; classtype:trojan-activity;sid:81291852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428751/; classtype:trojan-activity;sid:81291851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428750/; classtype:trojan-activity;sid:81291850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428749/; classtype:trojan-activity;sid:81291849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428748/; classtype:trojan-activity;sid:81291848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428747/; classtype:trojan-activity;sid:81291847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428746/; classtype:trojan-activity;sid:81291846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428745/; classtype:trojan-activity;sid:81291845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428744/; classtype:trojan-activity;sid:81291844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428743/; classtype:trojan-activity;sid:81291843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"rrn0xm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428742/; classtype:trojan-activity;sid:81291842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428741/; classtype:trojan-activity;sid:81291841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428740/; classtype:trojan-activity;sid:81291840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428739/; classtype:trojan-activity;sid:81291839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428738/; classtype:trojan-activity;sid:81291838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428737/; classtype:trojan-activity;sid:81291837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428736/; classtype:trojan-activity;sid:81291836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428735/; classtype:trojan-activity;sid:81291835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428734/; classtype:trojan-activity;sid:81291834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428733/; classtype:trojan-activity;sid:81291833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428732/; classtype:trojan-activity;sid:81291832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428731/; classtype:trojan-activity;sid:81291831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428730/; classtype:trojan-activity;sid:81291830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428729/; classtype:trojan-activity;sid:81291829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428728/; classtype:trojan-activity;sid:81291828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428727/; classtype:trojan-activity;sid:81291827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428726/; classtype:trojan-activity;sid:81291826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428725/; classtype:trojan-activity;sid:81291825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"q5pv4v.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428724/; classtype:trojan-activity;sid:81291824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old/0txqt-2nh5kl6x-zwo-b8bxafnx3aj/open-portal/ki1ys-jn4i1i2ful81ik/"; depth:69; endswith; http.host; content:"themarketpedia.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428723/; classtype:trojan-activity;sid:81291823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auazz/lh7tsj7bue/ag1z00871307246nnreiw6842rq6fv3jw5d/"; depth:54; endswith; http.host; content:"covidproduct.in"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428722/; classtype:trojan-activity;sid:81291822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428721/; classtype:trojan-activity;sid:81291821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428720/; classtype:trojan-activity;sid:81291820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428719/; classtype:trojan-activity;sid:81291819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428718/; classtype:trojan-activity;sid:81291818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428717/; classtype:trojan-activity;sid:81291817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428716/; classtype:trojan-activity;sid:81291816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428715/; classtype:trojan-activity;sid:81291815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428714/; classtype:trojan-activity;sid:81291814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428713/; classtype:trojan-activity;sid:81291813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428712/; classtype:trojan-activity;sid:81291812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428711/; classtype:trojan-activity;sid:81291811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428710/; classtype:trojan-activity;sid:81291810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428709/; classtype:trojan-activity;sid:81291809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428708/; classtype:trojan-activity;sid:81291808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428707/; classtype:trojan-activity;sid:81291807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428706/; classtype:trojan-activity;sid:81291806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428705/; classtype:trojan-activity;sid:81291805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"malat0h.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428704/; classtype:trojan-activity;sid:81291804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428703/; classtype:trojan-activity;sid:81291803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428702/; classtype:trojan-activity;sid:81291802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428701/; classtype:trojan-activity;sid:81291801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428700/; classtype:trojan-activity;sid:81291800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428699/; classtype:trojan-activity;sid:81291799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428698/; classtype:trojan-activity;sid:81291798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428697/; classtype:trojan-activity;sid:81291797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428696/; classtype:trojan-activity;sid:81291796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428695/; classtype:trojan-activity;sid:81291795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428694/; classtype:trojan-activity;sid:81291794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428693/; classtype:trojan-activity;sid:81291793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428692/; classtype:trojan-activity;sid:81291792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428691/; classtype:trojan-activity;sid:81291791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428690/; classtype:trojan-activity;sid:81291790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428689/; classtype:trojan-activity;sid:81291789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428688/; classtype:trojan-activity;sid:81291788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428687/; classtype:trojan-activity;sid:81291787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"kwmknxy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428686/; classtype:trojan-activity;sid:81291786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/multifunctional-array/additional-space/5652721279-tplnimqgjsop7paf/"; depth:76; endswith; http.host; content:"expressmotorbikesolicitor.co.uk"; depth:31; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428685/; classtype:trojan-activity;sid:81291785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428684/; classtype:trojan-activity;sid:81291784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428683/; classtype:trojan-activity;sid:81291783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428682/; classtype:trojan-activity;sid:81291782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428681/; classtype:trojan-activity;sid:81291781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428680/; classtype:trojan-activity;sid:81291780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428679/; classtype:trojan-activity;sid:81291779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428678/; classtype:trojan-activity;sid:81291778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428677/; classtype:trojan-activity;sid:81291777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428676/; classtype:trojan-activity;sid:81291776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428675/; classtype:trojan-activity;sid:81291775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428674/; classtype:trojan-activity;sid:81291774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428673/; classtype:trojan-activity;sid:81291773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428672/; classtype:trojan-activity;sid:81291772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428671/; classtype:trojan-activity;sid:81291771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428670/; classtype:trojan-activity;sid:81291770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428669/; classtype:trojan-activity;sid:81291769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428668/; classtype:trojan-activity;sid:81291768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"kgzz30.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428667/; classtype:trojan-activity;sid:81291767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428666/; classtype:trojan-activity;sid:81291766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428665/; classtype:trojan-activity;sid:81291765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428664/; classtype:trojan-activity;sid:81291764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428663/; classtype:trojan-activity;sid:81291763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428662/; classtype:trojan-activity;sid:81291762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428661/; classtype:trojan-activity;sid:81291761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428660/; classtype:trojan-activity;sid:81291760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428659/; classtype:trojan-activity;sid:81291759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428658/; classtype:trojan-activity;sid:81291758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428657/; classtype:trojan-activity;sid:81291757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428656/; classtype:trojan-activity;sid:81291756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428655/; classtype:trojan-activity;sid:81291755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428654/; classtype:trojan-activity;sid:81291754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428653/; classtype:trojan-activity;sid:81291753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428652/; classtype:trojan-activity;sid:81291752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428651/; classtype:trojan-activity;sid:81291751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428650/; classtype:trojan-activity;sid:81291750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"dtin0r.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428649/; classtype:trojan-activity;sid:81291749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428648/; classtype:trojan-activity;sid:81291748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428647/; classtype:trojan-activity;sid:81291747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428646/; classtype:trojan-activity;sid:81291746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428645/; classtype:trojan-activity;sid:81291745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428644/; classtype:trojan-activity;sid:81291744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428643/; classtype:trojan-activity;sid:81291743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428642/; classtype:trojan-activity;sid:81291742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428641/; classtype:trojan-activity;sid:81291741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428640/; classtype:trojan-activity;sid:81291740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428639/; classtype:trojan-activity;sid:81291739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428638/; classtype:trojan-activity;sid:81291738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428637/; classtype:trojan-activity;sid:81291737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428636/; classtype:trojan-activity;sid:81291736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428635/; classtype:trojan-activity;sid:81291735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428634/; classtype:trojan-activity;sid:81291734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428633/; classtype:trojan-activity;sid:81291733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif.2cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428632/; classtype:trojan-activity;sid:81291732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"bz3p06l.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428631/; classtype:trojan-activity;sid:81291731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/closed-zone/special-cloud/6doydcjuly-u867ut/"; depth:57; endswith; http.host; content:"peduliumat.online"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428630/; classtype:trojan-activity;sid:81291730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/document/y5ug9c/"; depth:36; endswith; http.host; content:"wlpayments.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428629/; classtype:trojan-activity;sid:81291729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/jm9oktbe-tjkzuye7nfelmd-array/open-cloud/56294560227459-wdauw8b9k00cd/"; depth:90; endswith; http.host; content:"tastes2plate.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428628/; classtype:trojan-activity;sid:81291728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/esp/"; depth:14; endswith; http.host; content:"ledecorate.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428627/; classtype:trojan-activity;sid:81291727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/common_5elaiw7w75_kkc0qlizwrrtkkx/test_area/2004192762_n5f0ohnt6wblpti/"; depth:81; endswith; http.host; content:"sipahielektrik.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428626/; classtype:trojan-activity;sid:81291726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats-json/invoice/wr32ce5/"; depth:28; endswith; http.host; content:"www.albazai.com.sa"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428625/; classtype:trojan-activity;sid:81291725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/workpics/personal_sector/security_area/qlwxf4h98_y33wjjrm7kkej/"; depth:64; endswith; http.host; content:"alientec.ch"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428624/; classtype:trojan-activity;sid:81291724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/flkibm/"; depth:17; endswith; http.host; content:"zcly.cn"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428623/; classtype:trojan-activity;sid:81291723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/termo/open_sector/43314643818_n9ebquad1p_fthiljdzjphqq_wft1z9kx/qgsbipr3orlcmk_27750sx/"; depth:88; endswith; http.host; content:"www.easyyourlife.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428622/; classtype:trojan-activity;sid:81291722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/craigslist/inc/"; depth:16; endswith; http.host; content:"www.dougsuniverse.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428621/; classtype:trojan-activity;sid:81291721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/font-awesome-4x/statement/6mpldr0/"; depth:35; endswith; http.host; content:"vacsew.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428620/; classtype:trojan-activity;sid:81291720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/docs/efm2qow9ba9/"; depth:25; endswith; http.host; content:"cemonline.co.uk"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428619/; classtype:trojan-activity;sid:81291719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sites/"; depth:19; endswith; http.host; content:"gulei.love"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428618/; classtype:trojan-activity;sid:81291718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/statement/14mrvlihfyj/c6jf6u30367549985540765nut61hmbchio2kdy53t/"; depth:77; endswith; http.host; content:"ozgbi.ru"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428617/; classtype:trojan-activity;sid:81291717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/scan/r38jlxynzh/"; depth:28; endswith; http.host; content:"gesocomputers.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428616/; classtype:trojan-activity;sid:81291716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin./kuvwzzu2x-6juqgbxz-disk/external-xgjk882-ncwp6m7kajztq/3487038-cvfhkget00lrk41a/"; depth:91; endswith; http.host; content:"gts-center.tj"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428615/; classtype:trojan-activity;sid:81291715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/promo/swift/"; depth:13; endswith; http.host; content:"adsens.eu"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428614/; classtype:trojan-activity;sid:81291714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.60.71"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428613/; classtype:trojan-activity;sid:81291713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.95.78.250"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428612/; classtype:trojan-activity;sid:81291712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.66.103.36"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428611/; classtype:trojan-activity;sid:81291711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.235.34.235"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428610/; classtype:trojan-activity;sid:81291710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.199.47"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428609/; classtype:trojan-activity;sid:81291709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428608/; classtype:trojan-activity;sid:81291708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428607/; classtype:trojan-activity;sid:81291707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428606/; classtype:trojan-activity;sid:81291706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428605/; classtype:trojan-activity;sid:81291705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428604/; classtype:trojan-activity;sid:81291704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428603/; classtype:trojan-activity;sid:81291703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428602/; classtype:trojan-activity;sid:81291702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428601/; classtype:trojan-activity;sid:81291701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428600/; classtype:trojan-activity;sid:81291700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428599/; classtype:trojan-activity;sid:81291699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428598/; classtype:trojan-activity;sid:81291698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428597/; classtype:trojan-activity;sid:81291697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428596/; classtype:trojan-activity;sid:81291696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428595/; classtype:trojan-activity;sid:81291695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428594/; classtype:trojan-activity;sid:81291694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428593/; classtype:trojan-activity;sid:81291693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428592/; classtype:trojan-activity;sid:81291692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"zr7y3f.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428591/; classtype:trojan-activity;sid:81291691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428590/; classtype:trojan-activity;sid:81291690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428589/; classtype:trojan-activity;sid:81291689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428588/; classtype:trojan-activity;sid:81291688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428587/; classtype:trojan-activity;sid:81291687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428586/; classtype:trojan-activity;sid:81291686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428585/; classtype:trojan-activity;sid:81291685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428584/; classtype:trojan-activity;sid:81291684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428583/; classtype:trojan-activity;sid:81291683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428582/; classtype:trojan-activity;sid:81291682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428581/; classtype:trojan-activity;sid:81291681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428580/; classtype:trojan-activity;sid:81291680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428579/; classtype:trojan-activity;sid:81291679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428578/; classtype:trojan-activity;sid:81291678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428577/; classtype:trojan-activity;sid:81291677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428576/; classtype:trojan-activity;sid:81291676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428575/; classtype:trojan-activity;sid:81291675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428574/; classtype:trojan-activity;sid:81291674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"wqu65x.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428573/; classtype:trojan-activity;sid:81291673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428572/; classtype:trojan-activity;sid:81291672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428571/; classtype:trojan-activity;sid:81291671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428570/; classtype:trojan-activity;sid:81291670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428569/; classtype:trojan-activity;sid:81291669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428568/; classtype:trojan-activity;sid:81291668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428567/; classtype:trojan-activity;sid:81291667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428566/; classtype:trojan-activity;sid:81291666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428565/; classtype:trojan-activity;sid:81291665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428564/; classtype:trojan-activity;sid:81291664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428563/; classtype:trojan-activity;sid:81291663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428562/; classtype:trojan-activity;sid:81291662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428561/; classtype:trojan-activity;sid:81291661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428560/; classtype:trojan-activity;sid:81291660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428559/; classtype:trojan-activity;sid:81291659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/esp/"; depth:11; endswith; http.host; content:"dgsb.net"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428558/; classtype:trojan-activity;sid:81291658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428557/; classtype:trojan-activity;sid:81291657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428556/; classtype:trojan-activity;sid:81291656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428555/; classtype:trojan-activity;sid:81291655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"ts0ev73.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428554/; classtype:trojan-activity;sid:81291654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428553/; classtype:trojan-activity;sid:81291653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428552/; classtype:trojan-activity;sid:81291652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428551/; classtype:trojan-activity;sid:81291651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428550/; classtype:trojan-activity;sid:81291650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428549/; classtype:trojan-activity;sid:81291649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428548/; classtype:trojan-activity;sid:81291648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428547/; classtype:trojan-activity;sid:81291647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428546/; classtype:trojan-activity;sid:81291646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428545/; classtype:trojan-activity;sid:81291645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428544/; classtype:trojan-activity;sid:81291644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428543/; classtype:trojan-activity;sid:81291643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428542/; classtype:trojan-activity;sid:81291642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428541/; classtype:trojan-activity;sid:81291641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428540/; classtype:trojan-activity;sid:81291640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/m5317428916643fg4qz11xkdwkjl/"; depth:41; endswith; http.host; content:"anime-sunday.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428539/; classtype:trojan-activity;sid:81291639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428538/; classtype:trojan-activity;sid:81291638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428537/; classtype:trojan-activity;sid:81291637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428536/; classtype:trojan-activity;sid:81291636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"rrn0sm7.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428535/; classtype:trojan-activity;sid:81291635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif18.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428534/; classtype:trojan-activity;sid:81291634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif17.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428533/; classtype:trojan-activity;sid:81291633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif16.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428532/; classtype:trojan-activity;sid:81291632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif15.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428531/; classtype:trojan-activity;sid:81291631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif14.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428530/; classtype:trojan-activity;sid:81291630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif13.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428529/; classtype:trojan-activity;sid:81291629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif12.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428528/; classtype:trojan-activity;sid:81291628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif11.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428527/; classtype:trojan-activity;sid:81291627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif10.cab"; depth:28; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428526/; classtype:trojan-activity;sid:81291626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif9.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428525/; classtype:trojan-activity;sid:81291625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif8.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428524/; classtype:trojan-activity;sid:81291624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif7.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428523/; classtype:trojan-activity;sid:81291623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif6.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428522/; classtype:trojan-activity;sid:81291622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif5.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428521/; classtype:trojan-activity;sid:81291621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif4.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428520/; classtype:trojan-activity;sid:81291620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif3.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428519/; classtype:trojan-activity;sid:81291619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif2.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428518/; classtype:trojan-activity;sid:81291618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peja/lezow.phpl=ryzif1.cab"; depth:27; endswith; http.host; content:"i0avgy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428517/; classtype:trojan-activity;sid:81291617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guejv/xzyd5646181399gkeh1pri6/"; depth:31; endswith; http.host; content:"uptechnology.com.br"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428516/; classtype:trojan-activity;sid:81291616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/common-box/close-xo3rk8qawc68-8cypb3v7s2bux/fkzxcktfjyt-zwk4ip8k/"; depth:77; endswith; http.host; content:"www.pharma-israel.org.il"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428515/; classtype:trojan-activity;sid:81291615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes./reporting/h4l669qqw8z/"; depth:36; endswith; http.host; content:"www.mdgretailer.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428514/; classtype:trojan-activity;sid:81291614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/47wxp4vsik-wai2qp83r-section/guarded-1kd69wo-x6oau0mfethe/dogs4tpgixcs-9r3pnng9dgb/"; depth:92; endswith; http.host; content:"pennyboldbridal.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428513/; classtype:trojan-activity;sid:81291613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/n08z62s191oaj/"; depth:21; endswith; http.host; content:"erminpark.co.uk"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428512/; classtype:trojan-activity;sid:81291612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/invoice/406ho57qv/"; depth:30; endswith; http.host; content:"hyfix.ai"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428511/; classtype:trojan-activity;sid:81291611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/public/"; depth:18; endswith; http.host; content:"tdi.com.vn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428510/; classtype:trojan-activity;sid:81291610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assinaturas/common-disk/special-oyrkhwb-qlgt95906mbasz/h82l6m37morinij-w7347xwz7v/"; depth:83; endswith; http.host; content:"www.agenciaeureka.com.br"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428509/; classtype:trojan-activity;sid:81291609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/parts_service/5afbbbt4r/"; depth:36; endswith; http.host; content:"grupocsc.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428508/; classtype:trojan-activity;sid:81291608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lp/multifunctional-module/external-180978-6ahoam1kij/zehz-tv3xy8/"; depth:66; endswith; http.host; content:"apuch.org"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428507/; classtype:trojan-activity;sid:81291607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagenes/izgq9byyt3qm/dm640645634686706tyhlnlgym6opde0fqdg/"; depth:60; endswith; http.host; content:"ajedrezenmorelos.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428506/; classtype:trojan-activity;sid:81291606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamaica/open_array/verifiable_forum/r9nyv_us467tv8/"; depth:52; endswith; http.host; content:"rmonline.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428505/; classtype:trojan-activity;sid:81291605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/parts_service/45ml1h6/"; depth:32; endswith; http.host; content:"agenciann.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428504/; classtype:trojan-activity;sid:81291604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maps/paclm/rqk1we4d/"; depth:21; endswith; http.host; content:"www.alberta02.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428503/; classtype:trojan-activity;sid:81291603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/personal_disk/85724585545_nkcvae3ztitw1g_844232_wbqyznooglmlkft/s88qgvs_2vsecbnovm/"; depth:92; endswith; http.host; content:"allthingsholistic.net"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428502/; classtype:trojan-activity;sid:81291602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/5z6e2/sp2896941199lxpxir0k/"; depth:31; endswith; http.host; content:"artforarchitects.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428501/; classtype:trojan-activity;sid:81291601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saderat-test/report/t451860130084842127pyp4i74mvzgn1cp/"; depth:56; endswith; http.host; content:"aranick.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428500/; classtype:trojan-activity;sid:81291600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/protected_box/external_s82ki_kgbmpcolo4/bfvvwjudg1c2oov_716yu5y/"; depth:74; endswith; http.host; content:"bestarchitectbuilders.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428499/; classtype:trojan-activity;sid:81291599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/yozhj4/"; depth:12; endswith; http.host; content:"baking-soda.nl"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428498/; classtype:trojan-activity;sid:81291598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caurina/doc/"; depth:13; endswith; http.host; content:"bhar.com.br"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428497/; classtype:trojan-activity;sid:81291597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vdo/available_array/additional_034007_m9ric8lrotneso/2097531_hxh6e/"; depth:68; endswith; http.host; content:"bomfuturoadesivos.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428496/; classtype:trojan-activity;sid:81291596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/"; depth:17; endswith; http.host; content:"balkanforumthess.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428495/; classtype:trojan-activity;sid:81291595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/hw-xiu-101/"; depth:20; endswith; http.host; content:"egger-kirchberg.ch"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428494/; classtype:trojan-activity;sid:81291594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rcayi/vryxfs/"; depth:14; endswith; http.host; content:"naturalworld1.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428493/; classtype:trojan-activity;sid:81291593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rcpxl/henco0-hv4lw-3135/"; depth:25; endswith; http.host; content:"mantra-cbd.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428492/; classtype:trojan-activity;sid:81291592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/thpn8-kbqar-371/"; depth:28; endswith; http.host; content:"anike-cafe.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428491/; classtype:trojan-activity;sid:81291591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/bmdqxkmg/"; depth:22; endswith; http.host; content:"superkusch.fun"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428490/; classtype:trojan-activity;sid:81291590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/lqa/"; depth:17; endswith; http.host; content:"poomcoop.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428489/; classtype:trojan-activity;sid:81291589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hana-sc/jfgrrog/"; depth:17; endswith; http.host; content:"mizuhosi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428488/; classtype:trojan-activity;sid:81291588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/6d1q-9il9e-3739/"; depth:29; endswith; http.host; content:"isnaider.templines.org"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428487/; classtype:trojan-activity;sid:81291587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index_files/doc/"; depth:17; endswith; http.host; content:"booksearch.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428486/; classtype:trojan-activity;sid:81291586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/private_module/b0oi5yrjo7_y5phg3qyqw_xtu9ve_atnvfrgsvnnraf/817360_rbwpp5ixtm645v/"; depth:91; endswith; http.host; content:"adunagow.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428485/; classtype:trojan-activity;sid:81291585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/public/ae2304430625215evlmtxfjkbn2bpous29yl/"; depth:53; endswith; http.host; content:"ourcityradio.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428484/; classtype:trojan-activity;sid:81291584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os5/llc/1jj3b36l36//"; depth:21; endswith; http.host; content:"mustardgarden.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428483/; classtype:trojan-activity;sid:81291583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/./lm/hcamt4cnqpga/"; depth:19; endswith; http.host; content:"ballsteponline24.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428482/; classtype:trojan-activity;sid:81291582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/closed_array/verifiable_7628482_g3czsmsb5zdx5/70877287274_on1iiuit/"; depth:77; endswith; http.host; content:"banglagolpo.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428481/; classtype:trojan-activity;sid:81291581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/307776952789-xkcm8x-array/individual-cloud/8488746362160-sfertpck68ns/"; depth:71; endswith; http.host; content:"mymendez.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428480/; classtype:trojan-activity;sid:81291580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ww12/closed-sector/individual-space/y4zmfrd5ggi7vies-u1s8/"; depth:59; endswith; http.host; content:"exfil.us"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428479/; classtype:trojan-activity;sid:81291579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/available_zone/individual_warehouse/2ytp_ux5t/"; depth:55; endswith; http.host; content:"buildingrobots.net"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428478/; classtype:trojan-activity;sid:81291578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/templates/file/fugz74z17419465a78ppjcfs/"; depth:41; endswith; http.host; content:"buesink.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428477/; classtype:trojan-activity;sid:81291577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/scan/"; depth:10; endswith; http.host; content:"camati.de"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428476/; classtype:trojan-activity;sid:81291576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/common-3h278a-gdhl/special-629665-6u9kppv6/23h1n-6w8y8vw76v/"; depth:72; endswith; http.host; content:"cecra.cl"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428475/; classtype:trojan-activity;sid:81291575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/lm/8fqr9id/"; depth:21; endswith; http.host; content:"bisolar.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428474/; classtype:trojan-activity;sid:81291574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/open-array/special-profile/0bjae9f49zy0z5-t4v0u/"; depth:57; endswith; http.host; content:"bnmintl.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428473/; classtype:trojan-activity;sid:81291573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/llc/0148g3k/3rjjj8t26018235350739xxujvp63s/"; depth:48; endswith; http.host; content:"chancemorrison.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428472/; classtype:trojan-activity;sid:81291572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/available_djqwk411c70g5bnq_0ni7pt4/ocozy5sf_hpb1rfpcnbls1_forum/7956309338_axyerjtr89hnmsta/"; depth:100; endswith; http.host; content:"camilacohen.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428471/; classtype:trojan-activity;sid:81291571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/sites/5v6zhnr7vt/"; depth:26; endswith; http.host; content:"citymobile.rs"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428470/; classtype:trojan-activity;sid:81291570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botf/multifunctional-sector/individual-portal/7320154978872-qbtwwr/"; depth:68; endswith; http.host; content:"chesternet.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428469/; classtype:trojan-activity;sid:81291569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-keys.php"; depth:12; endswith; http.host; content:"globalfilipino.net"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428468/; classtype:trojan-activity;sid:81291568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-keys.php"; depth:12; endswith; http.host; content:"flidot.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428467/; classtype:trojan-activity;sid:81291567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-keys.php"; depth:12; endswith; http.host; content:"danyalpakhsh.ir"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428466/; classtype:trojan-activity;sid:81291566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-keys.php"; depth:12; endswith; http.host; content:"chiarizzimooca-lancamento.com.br"; depth:32; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428465/; classtype:trojan-activity;sid:81291565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup/payment/fh57732744518539w2bxnz8awlim2fp/"; depth:48; endswith; http.host; content:"ckinterbiz.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428464/; classtype:trojan-activity;sid:81291564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup_sistemas/attachments/8lv336uz/"; depth:38; endswith; http.host; content:"ceramicaburguina.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428463/; classtype:trojan-activity;sid:81291563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shred/multifunctional-disk/test-forum/248819033-m3xhc9qe/"; depth:58; endswith; http.host; content:"creationskateboards.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428462/; classtype:trojan-activity;sid:81291562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/invoice/0cx689m/v3055409309502415wu2yf0s1imuhfh17/"; depth:63; endswith; http.host; content:"cianeconsultoria.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428461/; classtype:trojan-activity;sid:81291561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.153.170.158"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428460/; classtype:trojan-activity;sid:81291560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.93.157.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428459/; classtype:trojan-activity;sid:81291559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.237.44"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428458/; classtype:trojan-activity;sid:81291558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.124.195.61"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428457/; classtype:trojan-activity;sid:81291557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teste/balance/"; depth:15; endswith; http.host; content:"crupie.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428456/; classtype:trojan-activity;sid:81291556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.208.118.26"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428455/; classtype:trojan-activity;sid:81291555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.226.85.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428454/; classtype:trojan-activity;sid:81291554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/personal_zone/orxow9g_7fvuu1qahkl1_space/5099723098_dm3xymmpb/"; depth:71; endswith; http.host; content:"denisebuss.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428453/; classtype:trojan-activity;sid:81291553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/craigslist/inc/"; depth:16; endswith; http.host; content:"www.dougsuniverse.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428452/; classtype:trojan-activity;sid:81291552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miccrypted.exe"; depth:15; endswith; http.host; content:"88.218.16.20"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428451/; classtype:trojan-activity;sid:81291551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/etrac/"; depth:14; endswith; http.host; content:"www.duffy.ie"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428450/; classtype:trojan-activity;sid:81291550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flocrypted.exe"; depth:15; endswith; http.host; content:"88.218.16.20"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428449/; classtype:trojan-activity;sid:81291549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/royalcrypted.exe"; depth:17; endswith; http.host; content:"88.218.16.20"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428448/; classtype:trojan-activity;sid:81291548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jojocrypted.exe"; depth:16; endswith; http.host; content:"88.218.16.20"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428447/; classtype:trojan-activity;sid:81291547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"110.18.194.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428446/; classtype:trojan-activity;sid:81291546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/llc/4v8e92/"; depth:16; endswith; http.host; content:"dvcibinhthanh.vn"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428445/; classtype:trojan-activity;sid:81291545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"60.162.187.162"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428444/; classtype:trojan-activity;sid:81291544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.116.216.238"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428443/; classtype:trojan-activity;sid:81291543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"45.116.107.131"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428442/; classtype:trojan-activity;sid:81291542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.191.73"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428441/; classtype:trojan-activity;sid:81291541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"211.137.225.39"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428440/; classtype:trojan-activity;sid:81291540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/sites/tu8718500677zc7duc8wj/"; depth:33; endswith; http.host; content:"enronglobal.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428439/; classtype:trojan-activity;sid:81291539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"199.83.200.132"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428438/; classtype:trojan-activity;sid:81291538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.61.250"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428437/; classtype:trojan-activity;sid:81291537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blogs/w6-6k-841387/"; depth:20; endswith; http.host; content:"thekassia.co.uk"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428436/; classtype:trojan-activity;sid:81291536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/z772u-sl-26148/"; depth:25; endswith; http.host; content:"z-bai.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428435/; classtype:trojan-activity;sid:81291535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.104.248.85"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428434/; classtype:trojan-activity;sid:81291534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.134.185.49"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428433/; classtype:trojan-activity;sid:81291533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.88"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428432/; classtype:trojan-activity;sid:81291532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.52"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428431/; classtype:trojan-activity;sid:81291531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"150.255.128.47"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428430/; classtype:trojan-activity;sid:81291530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/overview/dm69r1c1w0f/"; depth:34; endswith; http.host; content:"elsa.org.rs"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428429/; classtype:trojan-activity;sid:81291529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.114.95.180"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428428/; classtype:trojan-activity;sid:81291528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.234.166"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428427/; classtype:trojan-activity;sid:81291527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/available-module/2xxygoq5-ixhvu4kgxin0-forum/443614052-cxn819m/"; depth:68; endswith; http.host; content:"faitu.ch"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428426/; classtype:trojan-activity;sid:81291526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.123.60.170"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428425/; classtype:trojan-activity;sid:81291525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/inc/"; depth:16; endswith; http.host; content:"crewnecksusa.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428424/; classtype:trojan-activity;sid:81291524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/9bnczi2n4ds6n-22dzbc2i-ttxseyl-oibmiqah0/additional-profile/512621-csnv9vgc4aavg6/"; depth:88; endswith; http.host; content:"facanha.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428423/; classtype:trojan-activity;sid:81291523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/docs/efm2qow9ba9/"; depth:25; endswith; http.host; content:"www.cemonline.co.uk"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428422/; classtype:trojan-activity;sid:81291522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filmes-protecao/docs/7jwgq5/"; depth:29; endswith; http.host; content:"dafabrasivos.com.br"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428421/; classtype:trojan-activity;sid:81291521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/masd/howto/css/multifunctional_section/corporate_portal/43527657241_9ddlpmmr/"; depth:78; endswith; http.host; content:"freespiritmind.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428420/; classtype:trojan-activity;sid:81291520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autenticacao/open_resource/individual_6qje5_86d/3565113_q4radtay/"; depth:66; endswith; http.host; content:"fritisco.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428419/; classtype:trojan-activity;sid:81291519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.179.252"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428418/; classtype:trojan-activity;sid:81291518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.94.217"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428417/; classtype:trojan-activity;sid:81291517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.20.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428416/; classtype:trojan-activity;sid:81291516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"203.134.219.41"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428415/; classtype:trojan-activity;sid:81291515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.82.196.123"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428414/; classtype:trojan-activity;sid:81291514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.40.248"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428413/; classtype:trojan-activity;sid:81291513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thumbnails/scan/r38jlxynzh/"; depth:28; endswith; http.host; content:"gesocomputers.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428412/; classtype:trojan-activity;sid:81291512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/open-zone/h5ifqpbj-hw0s5xzn4egf-yg4u-mscqah/ze3-4054243/"; depth:65; endswith; http.host; content:"giuliopacini.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428411/; classtype:trojan-activity;sid:81291511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forum/llc/"; depth:11; endswith; http.host; content:"gojackets.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428410/; classtype:trojan-activity;sid:81291510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/swift/c2atnd8/g6c9418957375ab1byb6zhb/"; depth:47; endswith; http.host; content:"gzty.co"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428409/; classtype:trojan-activity;sid:81291509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/entropybanner/open_section/external_mvsaivtv_terwvt6sgbvsxt/vsdvghf_8o9wa1rjgh7/"; depth:81; endswith; http.host; content:"fbcrva.org"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428408/; classtype:trojan-activity;sid:81291508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jubcw/pdwd/"; depth:12; endswith; http.host; content:"just-astrology.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428407/; classtype:trojan-activity;sid:81291507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bumqs/yaofp1-p8vxz-21/"; depth:23; endswith; http.host; content:"demo.alexandremaurouard.fr"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428406/; classtype:trojan-activity;sid:81291506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rcpxl/henco0-hv4lw-3135/"; depth:25; endswith; http.host; content:"mantra-cbd.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428405/; classtype:trojan-activity;sid:81291505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/4e-qsc-483089/"; depth:24; endswith; http.host; content:"paganwitch.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428404/; classtype:trojan-activity;sid:81291504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/exktriftf/"; depth:30; endswith; http.host; content:"booking.safelyswim.co.uk"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428403/; classtype:trojan-activity;sid:81291503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/zyfdheio/"; depth:21; endswith; http.host; content:"ronymotto.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428402/; classtype:trojan-activity;sid:81291502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/rl4c5-2va-92/"; depth:23; endswith; http.host; content:"qzjxx.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428401/; classtype:trojan-activity;sid:81291501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qblyn/vn-dk-41327/"; depth:19; endswith; http.host; content:"diamondsindonesia.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428400/; classtype:trojan-activity;sid:81291500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/il7shpra-vx-8000/"; depth:18; endswith; http.host; content:"cyclegypsy.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428399/; classtype:trojan-activity;sid:81291499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/xibzo/"; depth:15; endswith; http.host; content:"agenity.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428398/; classtype:trojan-activity;sid:81291498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/eoj/"; depth:17; endswith; http.host; content:"cuongvinh.vn"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428397/; classtype:trojan-activity;sid:81291497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efiva/bv8-k1f-111875/"; depth:22; endswith; http.host; content:"tuhoctiengtrung.vn"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428396/; classtype:trojan-activity;sid:81291496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8eel5yhwsg/0cx2is0-feuxd-2216/"; depth:31; endswith; http.host; content:"lostbookofremedies.download"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428395/; classtype:trojan-activity;sid:81291495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/nilxqd/"; depth:20; endswith; http.host; content:"jobs2bdone.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428394/; classtype:trojan-activity;sid:81291494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup/j4c3u7766/"; depth:18; endswith; http.host; content:"aabhaassikka.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428393/; classtype:trojan-activity;sid:81291493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18632/4mv8km8guspb0133/"; depth:24; endswith; http.host; content:"www.prudentwoo.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428392/; classtype:trojan-activity;sid:81291492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/adk6n8jm61/"; depth:23; endswith; http.host; content:"fallanime.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428391/; classtype:trojan-activity;sid:81291491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/fjkpbovun/"; depth:23; endswith; http.host; content:"vfw5265.org"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428390/; classtype:trojan-activity;sid:81291490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/scan/"; depth:14; endswith; http.host; content:"heberts.qc.ca"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428389/; classtype:trojan-activity;sid:81291489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8080"; depth:5; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428388/; classtype:trojan-activity;sid:81291488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8000"; depth:5; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428387/; classtype:trojan-activity;sid:81291487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3309"; depth:5; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428386/; classtype:trojan-activity;sid:81291486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3308"; depth:5; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428385/; classtype:trojan-activity;sid:81291485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3307"; depth:5; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428384/; classtype:trojan-activity;sid:81291484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3306"; depth:5; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428383/; classtype:trojan-activity;sid:81291483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/443"; depth:4; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428382/; classtype:trojan-activity;sid:81291482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53"; depth:3; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428381/; classtype:trojan-activity;sid:81291481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23"; depth:3; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428380/; classtype:trojan-activity;sid:81291480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21"; depth:3; endswith; http.host; content:"98.159.110.20"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428379/; classtype:trojan-activity;sid:81291479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/postales/payment/gv5xzyn/nn0dx744378429986011jpcuz1g40kryj5wihfi/"; depth:66; endswith; http.host; content:"inmobiliaria-lex.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428378/; classtype:trojan-activity;sid:81291478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/csv_import/common-array/special-04438819427-2heoldbg/37htnrlwtmc51iu-v745w2758wvz/"; depth:88; endswith; http.host; content:"maniot.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428377/; classtype:trojan-activity;sid:81291477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/ckqkuz/"; depth:20; endswith; http.host; content:"diamondbraintutor.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428376/; classtype:trojan-activity;sid:81291476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hobby/hknef/"; depth:13; endswith; http.host; content:"www.afurtak.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428375/; classtype:trojan-activity;sid:81291475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/0zt7z1n/"; depth:17; endswith; http.host; content:"www.dagongolfcity.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428374/; classtype:trojan-activity;sid:81291474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/prr5306427/"; depth:18; endswith; http.host; content:"www.willowcreekct.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428373/; classtype:trojan-activity;sid:81291473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meta/wwskr5dr/"; depth:15; endswith; http.host; content:"whitehautephotography.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428372/; classtype:trojan-activity;sid:81291472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awstats/invoice/6garpoqq/"; depth:26; endswith; http.host; content:"karabu.quebec"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428371/; classtype:trojan-activity;sid:81291471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/b_1_b5ce/"; depth:18; endswith; http.host; content:"tool.myportalx.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428370/; classtype:trojan-activity;sid:81291470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kzbst/p_3_lqo8eaj/"; depth:19; endswith; http.host; content:"zerohungerapp.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428369/; classtype:trojan-activity;sid:81291469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erros/nt_ozq2y_k6s88xxcau/"; depth:27; endswith; http.host; content:"andreortega.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428368/; classtype:trojan-activity;sid:81291468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghp3wu/27yja_wwgc8_570/"; depth:24; endswith; http.host; content:"illhaqsteeleng.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428367/; classtype:trojan-activity;sid:81291467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/mt2f7_7pd0u_1bhbba/"; depth:26; endswith; http.host; content:"tony.blvrdev.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428366/; classtype:trojan-activity;sid:81291466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/scan/s4ai47403335998613d5wc9yjaqikjjb7ag7/"; depth:55; endswith; http.host; content:"microtechelectronica.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428365/; classtype:trojan-activity;sid:81291465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pokemon/014xvs9w7_n3o71jouqkc2h1o_box/test_space/bbwgqweeyuq0h0f4_xs027s6xs/"; depth:77; endswith; http.host; content:"mmudev.info"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428364/; classtype:trojan-activity;sid:81291464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/public/"; depth:15; endswith; http.host; content:"nanoagro.com.ar"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428363/; classtype:trojan-activity;sid:81291463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/immagini_albums/protected_box/7t4vd16d3o_aj4zk_space/medacam21_92yx40uystu/"; depth:76; endswith; http.host; content:"www.marcovacca.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428362/; classtype:trojan-activity;sid:81291462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/personal_disk/6zjy9mppgjz_wf9i8dmln_2719527572_5oerizqzzcfhnii/9881817403911_otstg6/"; depth:93; endswith; http.host; content:"nexuspoint.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428361/; classtype:trojan-activity;sid:81291461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os5/llc/1jj3b36l36/"; depth:20; endswith; http.host; content:"mustardgarden.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428360/; classtype:trojan-activity;sid:81291460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/doc/xj7fb5t1e/"; depth:23; endswith; http.host; content:"marcelhesseling.nl"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428359/; classtype:trojan-activity;sid:81291459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/en/public/d7826sh4elih/"; depth:31; endswith; http.host; content:"no1angelsescort.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428358/; classtype:trojan-activity;sid:81291458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmp/dzzy8mfkrrg/"; depth:17; endswith; http.host; content:"segam.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428357/; classtype:trojan-activity;sid:81291457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rar/file/afr82yqek/"; depth:20; endswith; http.host; content:"nettube.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428356/; classtype:trojan-activity;sid:81291456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luxcal/files/common-c4jc-iosvkl4/verifiable-profile/giaii4tm7qm4bq-wvu3/"; depth:73; endswith; http.host; content:"turbozero.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428355/; classtype:trojan-activity;sid:81291455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttxpm/lm/"; depth:10; endswith; http.host; content:"thietbinhapkhau.com.vn"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428354/; classtype:trojan-activity;sid:81291454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/report/jx8etvm/"; depth:20; endswith; http.host; content:"obmoz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428353/; classtype:trojan-activity;sid:81291453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/common/yz.vbs"; depth:14; endswith; http.host; content:"yp.hnggzyjy.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428352/; classtype:trojan-activity;sid:81291452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upsupx2.exe"; depth:12; endswith; http.host; content:"174.128.235.243"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428351/; classtype:trojan-activity;sid:81291451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azure/open_section/corporate_ondub2mz_qcovpb1ux/hh24zsv_2u35/"; depth:62; endswith; http.host; content:"mikespub.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428350/; classtype:trojan-activity;sid:81291450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/open_zone/individual_hhlrpkzrxi_sikawdxwq/rhszox_wg7dhrckmm9ywz/"; depth:73; endswith; http.host; content:"patriciacervi.com.ar"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428349/; classtype:trojan-activity;sid:81291449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/nc2zveo_roqr7cg489k75gbt_array/guarded_79imeptim2h4_mrcv7pt5tc5p5t9/4569200687_k8et6v/"; depth:94; endswith; http.host; content:"polkapower.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428348/; classtype:trojan-activity;sid:81291448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/"; depth:15; endswith; http.host; content:"pascalmedia.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428347/; classtype:trojan-activity;sid:81291447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/personal_section/ji8s0qm94o_ui91k409c_0j4m9_xdkj86i9bwdm2t/5q7kj3_7vy4s1sz/"; depth:88; endswith; http.host; content:"recomer.it"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428346/; classtype:trojan-activity;sid:81291446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/statement/cgznn7ire/"; depth:28; endswith; http.host; content:"www.pixelutopia.co.uk"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428345/; classtype:trojan-activity;sid:81291445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/7k2jre-pa4b7t-module/corporate-010205662377-0peciirsottl/687716681-ssjmfwali9sui/"; depth:89; endswith; http.host; content:"rmcintyre.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428344/; classtype:trojan-activity;sid:81291444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rvsincludefile/open_zone/guarded_d8maglyag6mi_9xow9xjj1f6e7t/lbrv3faafzn0q_9739wx2/"; depth:84; endswith; http.host; content:"praxis3d.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428343/; classtype:trojan-activity;sid:81291443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/docs/"; depth:14; endswith; http.host; content:"rccarcare.com.au"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428342/; classtype:trojan-activity;sid:81291442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/schoolhouse/available-zone/test-gpidknza-f4kqncp2w/jbf25b-sz081501/"; depth:68; endswith; http.host; content:"radiantweb.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428341/; classtype:trojan-activity;sid:81291441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/press/logos/scan/dl49220533813640193pfnotmh8slhnqrv9z8/"; depth:56; endswith; http.host; content:"rootsroundup.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428340/; classtype:trojan-activity;sid:81291440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vasilica-pascutoi/80748214800_wp5vt1crehp_module/verified_portal/0315005240049_j0umoqfsmgckc/"; depth:94; endswith; http.host; content:"raffe.ro"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428339/; classtype:trojan-activity;sid:81291439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sites/"; depth:19; endswith; http.host; content:"www.samkimphoto.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428338/; classtype:trojan-activity;sid:81291438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dup-installer/yd-9vgs-128/"; depth:27; endswith; http.host; content:"concrefiber.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428337/; classtype:trojan-activity;sid:81291437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c_panel/protected-zone/corporate-area/4304787-c1qgsy6fvf/"; depth:58; endswith; http.host; content:"scambiofans.it"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428336/; classtype:trojan-activity;sid:81291436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/music/oct/2wu06008608paqzwvwtqxgy/"; depth:35; endswith; http.host; content:"scheff.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428335/; classtype:trojan-activity;sid:81291435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/np2-l7ymxk0-resource/special-forum/mm75doaas03c5h-38t9y/"; depth:62; endswith; http.host; content:"schonlinepvc.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428334/; classtype:trojan-activity;sid:81291434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/florida/inc/biigwb6380621993522kkbejuktfhxx89lw/"; depth:49; endswith; http.host; content:"rmgphotography.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428333/; classtype:trojan-activity;sid:81291433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428332/; classtype:trojan-activity;sid:81291432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428331/; classtype:trojan-activity;sid:81291431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428330/; classtype:trojan-activity;sid:81291430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428329/; classtype:trojan-activity;sid:81291429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.ghoul"; depth:13; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428328/; classtype:trojan-activity;sid:81291428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428327/; classtype:trojan-activity;sid:81291427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.ghoul"; depth:13; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428326/; classtype:trojan-activity;sid:81291426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428325/; classtype:trojan-activity;sid:81291425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.ghoul"; depth:13; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428324/; classtype:trojan-activity;sid:81291424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.ghoul"; depth:13; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428323/; classtype:trojan-activity;sid:81291423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428322/; classtype:trojan-activity;sid:81291422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.ghoul"; depth:14; endswith; http.host; content:"194.87.138.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428321/; classtype:trojan-activity;sid:81291421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/closed-zone/7685261450-oeams2tko-area/3712547716-v5go98qi/"; depth:67; endswith; http.host; content:"salazarbastos.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428320/; classtype:trojan-activity;sid:81291420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdrom/css/swift/8hzdsltq7j/"; depth:28; endswith; http.host; content:"solucionestecnicom.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428319/; classtype:trojan-activity;sid:81291419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/open_module/security_portal/47043719166_x3vj3eslcviq8egj/"; depth:67; endswith; http.host; content:"www.s4web.it"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428318/; classtype:trojan-activity;sid:81291418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/overview/bx7yr08i7yii/0cqw8m7438678340926y31a06jd3umy8m9l3/"; depth:64; endswith; http.host; content:"sherpa.co.jp"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428317/; classtype:trojan-activity;sid:81291417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taevimncorufglbzhwxqpdkjs/meth.arm"; depth:35; endswith; http.host; content:"amenascan.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428316/; classtype:trojan-activity;sid:81291416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/private-box/open-portal/1ofpw2pvb-53m63s9i/"; depth:52; endswith; http.host; content:"synergycycling.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428315/; classtype:trojan-activity;sid:81291415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/balance/"; depth:20; endswith; http.host; content:"serraikaplintiria.gr"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428314/; classtype:trojan-activity;sid:81291414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn0rt.sh"; depth:9; endswith; http.host; content:"185.172.110.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428313/; classtype:trojan-activity;sid:81291413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/balance/ul8pg9j5/2hi524184390086262x3ii3eta55b88yhl/"; depth:59; endswith; http.host; content:"tecnosis.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428312/; classtype:trojan-activity;sid:81291412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/statement/"; depth:20; endswith; http.host; content:"timbersdeck.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428311/; classtype:trojan-activity;sid:81291411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/balance/q4333d3n/"; depth:24; endswith; http.host; content:"tkdkornik.pl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428310/; classtype:trojan-activity;sid:81291410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.227.121.224"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428309/; classtype:trojan-activity;sid:81291409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.243.122.219"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428308/; classtype:trojan-activity;sid:81291408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.122.62.113"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428307/; classtype:trojan-activity;sid:81291407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.166.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428306/; classtype:trojan-activity;sid:81291406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.208.122.34"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428305/; classtype:trojan-activity;sid:81291405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.208.169.35"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428304/; classtype:trojan-activity;sid:81291404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.233.31.125"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428303/; classtype:trojan-activity;sid:81291403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.230.206.60"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428302/; classtype:trojan-activity;sid:81291402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.142.11.225"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428301/; classtype:trojan-activity;sid:81291401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.234.60.226"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428300/; classtype:trojan-activity;sid:81291400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.42.102.134"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428299/; classtype:trojan-activity;sid:81291399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadcid=8e778d4a23c91a07|7c|26|7c|resid=8e778d4a23c91a07%21254|7c|26|7c|authkey=amd_oesuixz4dre"; depth:100; endswith; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428298/; classtype:trojan-activity;sid:81291398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/id3/444_nrliq221.bin"; depth:33; endswith; http.host; content:"ezvizlife.lv"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428297/; classtype:trojan-activity;sid:81291397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/u1wayrk0f1pr-796sj-disk/verified-cloud/paocann6fs-0v6t7su8wv/"; depth:65; endswith; http.host; content:"svenofuchs.org"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428296/; classtype:trojan-activity;sid:81291396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.123.58.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428295/; classtype:trojan-activity;sid:81291395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.235.114.16"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428294/; classtype:trojan-activity;sid:81291394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.229.229.62"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428293/; classtype:trojan-activity;sid:81291393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.243.122.140"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428292/; classtype:trojan-activity;sid:81291392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awstats-icon/private-zone/interior-space/292161793-eafb70/"; depth:59; endswith; http.host; content:"www.typotech.net"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428291/; classtype:trojan-activity;sid:81291391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/installer/documentation/8ggt13/"; depth:37; endswith; http.host; content:"support-4-free.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428290/; classtype:trojan-activity;sid:81291390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/balance/dl2xib6ch/"; depth:31; endswith; http.host; content:"trilibertyescrow.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428289/; classtype:trojan-activity;sid:81291389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/inc/us68589559332mu4yx4nd38jbzv/"; depth:37; endswith; http.host; content:"unsimpleclic.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428288/; classtype:trojan-activity;sid:81291388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/protected_box/additional_area/z3ocq_7hnwpcmdx/"; depth:55; endswith; http.host; content:"wmarge.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428287/; classtype:trojan-activity;sid:81291387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/font-awesome-4x/statement/6mpldr0/"; depth:35; endswith; http.host; content:"www.vacsew.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428286/; classtype:trojan-activity;sid:81291386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/personal-hbwsylu0ayj-4xyb53cwzjo7a/5thb-bydxtm0b4w8xmz-profile/079249-3pjswulfeojsda/"; depth:97; endswith; http.host; content:"www.v-film.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428285/; classtype:trojan-activity;sid:81291385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blogprueba/invoice/i9j7uft3nm/6uq245014229374893283u8cfm5xjksfc6z/"; depth:67; endswith; http.host; content:"www.gabrielkrail.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428284/; classtype:trojan-activity;sid:81291384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/multifunctional-du8k6dd-zukni8tod4r5me4/open-yskytyc7-z1hb6qheu/834772628-b7kdt/"; depth:93; endswith; http.host; content:"www.grafikzone.fr"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428283/; classtype:trojan-activity;sid:81291383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/awksh060ek1d/"; depth:22; endswith; http.host; content:"www.imprensalivre.top"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428282/; classtype:trojan-activity;sid:81291382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/open_box/8879195_oforss4z8_evrzd_i8iuhoswgpr/ubx8qfdc_b7f2raukau7o2/"; depth:77; endswith; http.host; content:"tomki.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428281/; classtype:trojan-activity;sid:81291381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/lm/"; depth:9; endswith; http.host; content:"www.hosting2000.it"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428280/; classtype:trojan-activity;sid:81291380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.39.92.252"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428279/; classtype:trojan-activity;sid:81291379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.234.148.223"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428278/; classtype:trojan-activity;sid:81291378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.23.199"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428277/; classtype:trojan-activity;sid:81291377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"41.86.5.164"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428276/; classtype:trojan-activity;sid:81291376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lubt6adjc0ma79-9pz47yi5h8xgh04e-disk/corporate-area/paku0srt-kh5w1pmrm606/"; depth:83; endswith; http.host; content:"www.thoko.co.ke"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428275/; classtype:trojan-activity;sid:81291375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"185.226.90.141"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428274/; classtype:trojan-activity;sid:81291374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/swift/mz6017191877199ccyegk8a954/"; depth:43; endswith; http.host; content:"salon-cris-creola.ro"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428273/; classtype:trojan-activity;sid:81291373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/7248714-zm6x1lqogm6mv2s-section/close-area/hfy7zv7-11x42x/"; depth:68; endswith; http.host; content:"btobconnection.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428272/; classtype:trojan-activity;sid:81291372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/closed-zone/guarded-vql7sblvn0ju-7c4s/3xqf-97xs/"; depth:60; endswith; http.host; content:"pmcc4thwatch.eu"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428271/; classtype:trojan-activity;sid:81291371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.87.224.139"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428270/; classtype:trojan-activity;sid:81291370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/protected-qo7v8kru3xl5s-bfmjxb/additional-cloud/asjep2utwwa-y462sv7/"; depth:80; endswith; http.host; content:"mamelina.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428269/; classtype:trojan-activity;sid:81291369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/parts_service/"; depth:34; endswith; http.host; content:"clara.letsgogo.it"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428268/; classtype:trojan-activity;sid:81291368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/personal_zone/additional_warehouse/xlvhigttv_s106vz503w04/"; depth:68; endswith; http.host; content:"jinterweb.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428267/; classtype:trojan-activity;sid:81291367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s0zhchvfbq/public/"; depth:19; endswith; http.host; content:"nasianje.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428266/; classtype:trojan-activity;sid:81291366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paf0/public/hgcw2r6i4jmy/qu91642748154e79vkp42cgk7vth2wno/"; depth:59; endswith; http.host; content:"mkmj021.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428265/; classtype:trojan-activity;sid:81291365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.x86"; depth:24; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428264/; classtype:trojan-activity;sid:81291364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.sh4"; depth:24; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428263/; classtype:trojan-activity;sid:81291363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.mpsl"; depth:25; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428262/; classtype:trojan-activity;sid:81291362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"119.239.77.76"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428261/; classtype:trojan-activity;sid:81291361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.ppc"; depth:24; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428260/; classtype:trojan-activity;sid:81291360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm"; depth:24; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428259/; classtype:trojan-activity;sid:81291359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm7"; depth:25; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428258/; classtype:trojan-activity;sid:81291358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm6"; depth:25; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428257/; classtype:trojan-activity;sid:81291357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm5"; depth:25; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428256/; classtype:trojan-activity;sid:81291356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.m68k"; depth:25; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428255/; classtype:trojan-activity;sid:81291355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.mips"; depth:25; endswith; http.host; content:"164.90.191.34"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428254/; classtype:trojan-activity;sid:81291354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"1.36.43.207"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428253/; classtype:trojan-activity;sid:81291353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"121.180.248.58"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428252/; classtype:trojan-activity;sid:81291352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vzshh/browse/3qhu0569102944qosuytnk0piqn/"; depth:42; endswith; http.host; content:"studio27.co.in"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428251/; classtype:trojan-activity;sid:81291351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webcalendar-master/0391294444_gd62vm3_zone/54956073751_bfgg8irha6eysbj_portal/155855_eb362ak/"; depth:94; endswith; http.host; content:"www.ajwebsites.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428250/; classtype:trojan-activity;sid:81291350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old-safariilab/9_k1_jgw/"; depth:25; endswith; http.host; content:"safariilab.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428249/; classtype:trojan-activity;sid:81291349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v7ql/6ru_8itd_e6n4mer/"; depth:23; endswith; http.host; content:"laijie88.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428248/; classtype:trojan-activity;sid:81291348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scbsn/s_ud_hlqsv5mhub/"; depth:23; endswith; http.host; content:"sososothemes.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428247/; classtype:trojan-activity;sid:81291347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/v3cu_1p9f_0s6a/"; depth:21; endswith; http.host; content:"chicagoyachtguru.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428246/; classtype:trojan-activity;sid:81291346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kqcij/x0uw_3_sd58cj6xl/"; depth:24; endswith; http.host; content:"rebeltraiteur.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428245/; classtype:trojan-activity;sid:81291345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/larson.exe"; depth:11; endswith; http.host; content:"88.119.171.197"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428244/; classtype:trojan-activity;sid:81291344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/balance/81koww49ns/"; depth:29; endswith; http.host; content:"ston.co"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428243/; classtype:trojan-activity;sid:81291343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/open-module/security-559204916-54jppljklxjf/b5pc9kysm-sx72vw39/"; depth:71; endswith; http.host; content:"amis.com.gr"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428242/; classtype:trojan-activity;sid:81291342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats/sites/jo11uiu/hqc8855367332589pjjvg6nle/"; depth:47; endswith; http.host; content:"alphapanda.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428241/; classtype:trojan-activity;sid:81291341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/sme3ws79x/"; depth:18; endswith; http.host; content:"melanieroux.co.za"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428239/; classtype:trojan-activity;sid:81291339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taevimncorufglbzhwxqpdkjs/meth.i686"; depth:36; endswith; http.host; content:"amenascan.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428238/; classtype:trojan-activity;sid:81291338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/common_sector/open_profile/04924000913541_jvypmx/"; depth:62; endswith; http.host; content:"ydslin.fun"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428237/; classtype:trojan-activity;sid:81291337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/cjgrvqny/"; depth:14; endswith; http.host; content:"camhighlight.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428236/; classtype:trojan-activity;sid:81291336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin./omlbgyzy/"; depth:20; endswith; http.host; content:"zeugmarotary.org"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428235/; classtype:trojan-activity;sid:81291335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/kmlzoaoj/"; depth:20; endswith; http.host; content:"goodnessgraciously.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428234/; classtype:trojan-activity;sid:81291334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/t54s8h033/"; depth:22; endswith; http.host; content:"crucial.co.jp"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428233/; classtype:trojan-activity;sid:81291333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/zvxarrh54123/"; depth:23; endswith; http.host; content:"tripatory.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428232/; classtype:trojan-activity;sid:81291332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttxpm/lm/"; depth:10; endswith; http.host; content:"thietbinhapkhau.com.vn"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428231/; classtype:trojan-activity;sid:81291331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/open_rtdie95w42izb_i4bxic2pi/additional_space/186q_s94uzvt6/"; depth:73; endswith; http.host; content:"hiepvan.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428230/; classtype:trojan-activity;sid:81291330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wccpz/document/r760587888436870zlcib9ix2b1hhmpwp/"; depth:50; endswith; http.host; content:"maygiatla.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428229/; classtype:trojan-activity;sid:81291329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/pvfql089825/"; depth:18; endswith; http.host; content:"bloggingbow.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428228/; classtype:trojan-activity;sid:81291328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/bxj7986/"; depth:13; endswith; http.host; content:"goodluckstoneshop.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428227/; classtype:trojan-activity;sid:81291327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/utaz22994/"; depth:22; endswith; http.host; content:"pnaia.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428226/; classtype:trojan-activity;sid:81291326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ehlmy/lhzqclwq/"; depth:16; endswith; http.host; content:"minimocha2u.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428225/; classtype:trojan-activity;sid:81291325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/sqc4dl/"; depth:19; endswith; http.host; content:"netflick4u.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428224/; classtype:trojan-activity;sid:81291324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/personal-zone/interior-warehouse/u7h9vgyiubeq-bjh9grgier/"; depth:65; endswith; http.host; content:"bowlerlawoffice.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428223/; classtype:trojan-activity;sid:81291323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/allan/doc/gtc0o44up/"; depth:21; endswith; http.host; content:"altwebsite.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428222/; classtype:trojan-activity;sid:81291322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taevimncorufglbzhwxqpdkjs/meth.i686"; depth:36; endswith; http.host; content:"185.172.110.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428221/; classtype:trojan-activity;sid:81291321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lochaistine.com/08735/x5km442795227311722044p89g50x/"; depth:53; endswith; http.host; content:"bagraphics.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428220/; classtype:trojan-activity;sid:81291320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/996tt/protected_array/test_w5vs36vv_qdtaqxobep/idhvfdxpj1th_w2u750z3975/"; depth:73; endswith; http.host; content:"jayracing.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428219/; classtype:trojan-activity;sid:81291319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whmcs/nxxp_bevmzkg5c3f3_1ji28nqf1_mwjcljpnf/open_portal/goqkglzhuv_7wsx8w0z43w39/"; depth:82; endswith; http.host; content:"thuis-hosting.eu"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428218/; classtype:trojan-activity;sid:81291318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/"; depth:13; endswith; http.host; content:"brightstarshop.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428217/; classtype:trojan-activity;sid:81291317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shop/parts_service/"; depth:20; endswith; http.host; content:"laceandbutton.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428216/; classtype:trojan-activity;sid:81291316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/available_808838_cfqqtz/open_23860057291_fdup2t0uwusgpkg/2qqr1q3_7xu1902/"; depth:78; endswith; http.host; content:"dawnoglethorpe.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428215/; classtype:trojan-activity;sid:81291315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/reporting/3dtsh0fm6fuj/"; depth:27; endswith; http.host; content:"titansaap.org"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428214/; classtype:trojan-activity;sid:81291314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/protected_disk/test_portal/d27erimcffd_qyhkgcbnfl/"; depth:60; endswith; http.host; content:"makeyouonline.id"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428213/; classtype:trojan-activity;sid:81291313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mails/themes/swift/"; depth:20; endswith; http.host; content:"dirsantjoan.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428212/; classtype:trojan-activity;sid:81291312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/wp-content/personal-resource/czr6fwleh-m4w7y0-forum/env23m-6385/"; depth:75; endswith; http.host; content:"servetambiental.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428211/; classtype:trojan-activity;sid:81291311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/llwda-4voledphtifw-section/4u8oimkek6y69p-df3-zsolmntb-pnpreejribvf2/gdxllnv-7vgji83gol/"; depth:98; endswith; http.host; content:"pngtech.in"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428210/; classtype:trojan-activity;sid:81291310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/esp/syoibz3hbr/"; depth:25; endswith; http.host; content:"alatdapur.id"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428209/; classtype:trojan-activity;sid:81291309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/llc/9pwgvpw7/"; depth:25; endswith; http.host; content:"blog.sigma.la"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428208/; classtype:trojan-activity;sid:81291308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/common-section/verifiable-qpilebd-njz2dhfdt7j/714744120697-kklllggtkv/"; depth:83; endswith; http.host; content:"carhandy.co.uk"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428207/; classtype:trojan-activity;sid:81291307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4hzzhn/statement/p4b2yrjvz8/"; depth:29; endswith; http.host; content:"ajantaresort.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428206/; classtype:trojan-activity;sid:81291306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zzyeq/protected_module/guarded_forum/2494357938_wftncvbl/"; depth:58; endswith; http.host; content:"waterproofing.spb.ru"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428205/; classtype:trojan-activity;sid:81291305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/paclm/shes105i/"; depth:25; endswith; http.host; content:"philosophy-world-democracy.org"; depth:30; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428204/; classtype:trojan-activity;sid:81291304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/common_sector/additional_forum/wbzrjog1lvm_ony4xlsru/"; depth:73; endswith; http.host; content:"baomoi.cc"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428203/; classtype:trojan-activity;sid:81291303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.228.31.101"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428202/; classtype:trojan-activity;sid:81291302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yddasdh/attachments/2v38869505568465cdo721jbcy9i/"; depth:50; endswith; http.host; content:"luvener-shop.de"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428201/; classtype:trojan-activity;sid:81291301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffqjv/76037084-ncajzzcurqxdybq-huiut3v-8dguy2u1n/special-profile/l376-116v1xv10w/"; depth:82; endswith; http.host; content:"conrex.be"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428200/; classtype:trojan-activity;sid:81291300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/oct/ldpf2235621540wpb62gwhz02/"; depth:41; endswith; http.host; content:"miaorj.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428199/; classtype:trojan-activity;sid:81291299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taevimncorufglbzhwxqpdkjs//meth.x86"; depth:36; endswith; http.host; content:"185.172.110.185"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428198/; classtype:trojan-activity;sid:81291298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428197/; classtype:trojan-activity;sid:81291297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/open-resource/330296985489-iu6c9dlu7fwcnv-warehouse/82217200-cz6gy/"; depth:77; endswith; http.host; content:"munalihillscollege.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428196/; classtype:trojan-activity;sid:81291296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin./parts_service/kj5qh6/"; depth:32; endswith; http.host; content:"web98.s131.goserver.host"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428195/; classtype:trojan-activity;sid:81291295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsw9i.txt"; depth:10; endswith; http.host; content:"u.teknik.io"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428194/; classtype:trojan-activity;sid:81291294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/8659178451_vqshldvhqr_box/vcfvuk9_jdwzkzcjffk_warehouse/96209092195_pqn5yg3vpgo7y/"; depth:94; endswith; http.host; content:"infokioski.pl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428193/; classtype:trojan-activity;sid:81291293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p_1681wdig21.jpg"; depth:17; endswith; http.host; content:"d.top4top.io"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428192/; classtype:trojan-activity;sid:81291292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/88953675483/3a6w0n4e/8k24l4990705758440498498alxpcsmqoi2b8r4qdba/"; depth:78; endswith; http.host; content:"xiaoliyu.shop"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428191/; classtype:trojan-activity;sid:81291291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/available-183932942793-qca2u6hksrjeyby/guarded-zu7db-2aapowrfp70h9z/q1pag5e61i-zs0v/"; depth:95; endswith; http.host; content:"gallatinhighboosters.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428190/; classtype:trojan-activity;sid:81291290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/,./lm/hcamt4cnqpga/"; depth:20; endswith; http.host; content:"ballsteponline24.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428189/; classtype:trojan-activity;sid:81291289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/report/cu99t8ur/q04217440879hc05iinoojmhr/"; depth:54; endswith; http.host; content:"homatour.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428188/; classtype:trojan-activity;sid:81291288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/closed_urv6hbat_7uniib7th9a/s96biu_yas5e60a7f7n_profile/lawwuezszpp_x5dwkql7gb8hj/"; depth:87; endswith; http.host; content:"endeavouronsite.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428187/; classtype:trojan-activity;sid:81291287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lxv0jfpyl6/oct/4dk425054410526928lfz9du2l3a2ivobduao/"; depth:54; endswith; http.host; content:"sahandhdr.ir"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428186/; classtype:trojan-activity;sid:81291286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/available-6864994-0wpvjkpc/close-warehouse/1wl-ws433274x/"; depth:67; endswith; http.host; content:"zahrali2020.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428185/; classtype:trojan-activity;sid:81291285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/browse/"; depth:19; endswith; http.host; content:"7700sy.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428184/; classtype:trojan-activity;sid:81291284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/available-module/open-space/aplry-nxd5hhm3ilodj/"; depth:60; endswith; http.host; content:"hnhcpl.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428183/; classtype:trojan-activity;sid:81291283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/yht05lc76/"; depth:20; endswith; http.host; content:"vectorthis.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428182/; classtype:trojan-activity;sid:81291282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/vgjbzdh53_5d943_resource/cqlgqiqf_0g7xtoizjjs_space/12967240_nbcbpsirj4nnym/"; depth:86; endswith; http.host; content:"irancookshoptest.ir"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428181/; classtype:trojan-activity;sid:81291281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kfkimwkagv9/"; depth:22; endswith; http.host; content:"hochtief-china.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428180/; classtype:trojan-activity;sid:81291280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/common_zone/additional_forum/93390887_5qdxejjju8nrl8/"; depth:66; endswith; http.host; content:"tshrifat.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428179/; classtype:trojan-activity;sid:81291279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/balance/"; depth:18; endswith; http.host; content:"dickensagencyacademy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428178/; classtype:trojan-activity;sid:81291278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/common_section/additional_lrimmq_j6yo0wpn/qetijn_34chk9oipmqi/"; depth:72; endswith; http.host; content:"energjia.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428177/; classtype:trojan-activity;sid:81291277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/overview/9uqm63hk/"; depth:28; endswith; http.host; content:"tuevy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428176/; classtype:trojan-activity;sid:81291276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gjrnobul/protected_sector/additional_area/990536_8n5nqwwmkhrstqe/"; depth:66; endswith; http.host; content:"gupiaorr.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428175/; classtype:trojan-activity;sid:81291275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruack/browse/bth14rm3h/3ongc295066569867qog0sh75yqc89z7njo7cv/"; depth:63; endswith; http.host; content:"begainbd.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428174/; classtype:trojan-activity;sid:81291274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rddss/protected_array/109999519_cxvdavpq5rbb2ip_warehouse/5225481009570_yrwazq5p/"; depth:82; endswith; http.host; content:"poonamjoshi.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428173/; classtype:trojan-activity;sid:81291273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/paclm/"; depth:19; endswith; http.host; content:"biyejia.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428172/; classtype:trojan-activity;sid:81291272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xjahe/personal-7tdsvngfa-s3p58nz48314g/security-warehouse/zfphw9iqc5-2x706/"; depth:76; endswith; http.host; content:"ukasian.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428171/; classtype:trojan-activity;sid:81291271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.exe"; depth:8; endswith; http.host; content:"shanghaiblackgoons.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428170/; classtype:trojan-activity;sid:81291270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/closing.docm"; depth:13; endswith; http.host; content:"shanghaiblackgoons.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428169/; classtype:trojan-activity;sid:81291269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qesnd/protected-module/external-profile/okolo3k-23ehtckw3ng/"; depth:61; endswith; http.host; content:"kaleeza.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428168/; classtype:trojan-activity;sid:81291268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; http.host; content:"doyouhavethistwospecificationinstockplea.duckdns.org"; depth:52; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428167/; classtype:trojan-activity;sid:81291267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sites/"; depth:19; endswith; http.host; content:"www.gulei.love"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428166/; classtype:trojan-activity;sid:81291266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earnquick.co.uk/protected_resource/corporate_warehouse/wtzp1sw_781738xz9yu4t/"; depth:78; endswith; http.host; content:"earnquick.co.uk"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428165/; classtype:trojan-activity;sid:81291265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc47bp/overview/"; depth:18; endswith; http.host; content:"www.corriconnoi.run"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428164/; classtype:trojan-activity;sid:81291264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p72zsn/protected_qjjfb_zewz2/3604458862_sy2jkbbsej_warehouse/gchi351tn2e_66vsz65/"; depth:82; endswith; http.host; content:"www.agora.id"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428163/; classtype:trojan-activity;sid:81291263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/parts_service/"; depth:24; endswith; http.host; content:"elseelektrikci.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428162/; classtype:trojan-activity;sid:81291262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/available_disk/verifiable_48481499378_nyp8f2pea9kb5i/n7f3nt_w11tzsx/"; depth:79; endswith; http.host; content:"extia-consulting.pt"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428161/; classtype:trojan-activity;sid:81291261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/common_section/additional_profile/qjcozm874id2aoij_v5u1y8uy4z0/"; depth:73; endswith; http.host; content:"992km.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428160/; classtype:trojan-activity;sid:81291260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.31.65.24"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428159/; classtype:trojan-activity;sid:81291259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.245.218.170"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428158/; classtype:trojan-activity;sid:81291258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.30.80"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428157/; classtype:trojan-activity;sid:81291257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.158.250.229"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428156/; classtype:trojan-activity;sid:81291256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"42.233.77.18"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428155/; classtype:trojan-activity;sid:81291255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.167.26"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428154/; classtype:trojan-activity;sid:81291254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.243.222"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428153/; classtype:trojan-activity;sid:81291253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/document/wocaa0ki/"; depth:29; endswith; http.host; content:"s9dslvpr.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428152/; classtype:trojan-activity;sid:81291252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/j2dp-feq-14/"; depth:24; endswith; http.host; content:"ekinerja.megadata.co"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428151/; classtype:trojan-activity;sid:81291251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ietsnwazeg/paclm/zjy6owu/"; depth:26; endswith; http.host; content:"juridicoqueiroz.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428150/; classtype:trojan-activity;sid:81291250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/etptvq_zmjgevya69_array/security_area/702687274710_xdcuz96305mf1/"; depth:76; endswith; http.host; content:"web.haadistore.club"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428149/; classtype:trojan-activity;sid:81291249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websiteguide/oct/j5a557112263556fn42hqwrs9zhl2jv6/"; depth:51; endswith; http.host; content:"haadistore.club"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428148/; classtype:trojan-activity;sid:81291248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/26483-uoqgkq0e-box/special-space/6l9u-0u49x5w0243/"; depth:60; endswith; http.host; content:"gotecheasy.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428147/; classtype:trojan-activity;sid:81291247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/overview/"; depth:29; endswith; http.host; content:"nbis.in"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428146/; classtype:trojan-activity;sid:81291246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/document/19ob13t63kha/844588696t9lmdpg33swyde7s/"; depth:59; endswith; http.host; content:"demo.haadistore.club"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428145/; classtype:trojan-activity;sid:81291245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jyiwk/swift/6356839s96bius7ys5e60/"; depth:35; endswith; http.host; content:"legalcrucible.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428144/; classtype:trojan-activity;sid:81291244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/scan/c9lm237739690395198oeipd9o7fyxude0nt/"; depth:52; endswith; http.host; content:"panorama.org.in"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428143/; classtype:trojan-activity;sid:81291243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/multifunctional-5812526594-y2soe19dta9f/y4nxps-i9kp2grqk8-space/440108-ukuvwjv/"; depth:92; endswith; http.host; content:"lentkhodro.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428142/; classtype:trojan-activity;sid:81291242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin_yqebsag70.bin"; depth:18; endswith; http.host; content:"111.90.138.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428141/; classtype:trojan-activity;sid:81291241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes./statement/n20032132v5adwoq800su2lny/"; depth:50; endswith; http.host; content:"pellero.ir"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428140/; classtype:trojan-activity;sid:81291240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/closed_box/test_952560_61onwxn9zppp/xown4_6zw14x03xx9925/"; depth:67; endswith; http.host; content:"visitingchef.co.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428139/; classtype:trojan-activity;sid:81291239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins/docs/"; depth:14; endswith; http.host; content:"cicleta.cl"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428138/; classtype:trojan-activity;sid:81291238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frkei/protected-244238-uns3jd/verifiable-69482375230-9j1kjpb1r/nuk-7359w/"; depth:74; endswith; http.host; content:"meditheraphy.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428137/; classtype:trojan-activity;sid:81291237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hu5glxu7/kh6nqqgcvnn-x71svok30ywjda-resource/additional-space/15609529517-fvk2yv8qu/"; depth:85; endswith; http.host; content:"52freelife.top"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428136/; classtype:trojan-activity;sid:81291236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhhfn/dfnfp_7n97_array/guarded_area/jxvxnkj_z9v5hbzzjia4/"; depth:58; endswith; http.host; content:"posterchild.com.bd"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428135/; classtype:trojan-activity;sid:81291235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/pih/"; depth:14; endswith; http.host; content:"hooleys-pub.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428134/; classtype:trojan-activity;sid:81291234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/common_array/verified_space/61myzh_b4ksb48djq/"; depth:58; endswith; http.host; content:"dinbilimi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428133/; classtype:trojan-activity;sid:81291233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/60220_f2wyjs_zone/external_ubipd_sxk6llogzh1y7q/ye8qfm85li1q_77t7vty/"; depth:82; endswith; http.host; content:"hamrokarnalikhabar.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428132/; classtype:trojan-activity;sid:81291232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/statement/14mrvlihfyj/c6jf6u30367549985540765nut61hmbchio2kdy53t/"; depth:77; endswith; http.host; content:"ozgbi.ru"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428131/; classtype:trojan-activity;sid:81291231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes./6vto_we1t_fcdo/"; depth:29; endswith; http.host; content:"terrafreshorganics.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428130/; classtype:trojan-activity;sid:81291230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0wp-content/ithn_eziao_ify6vv1f/"; depth:33; endswith; http.host; content:"spk.jpm.gov.my"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428129/; classtype:trojan-activity;sid:81291229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/zt_wv_czgbonheb/"; depth:36; endswith; http.host; content:"lyveinc.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428128/; classtype:trojan-activity;sid:81291228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/haasy_0ail8_llg/"; depth:28; endswith; http.host; content:"septicst.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428127/; classtype:trojan-activity;sid:81291227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/431e_ks_ohbu7uf/"; depth:28; endswith; http.host; content:"rhinopaving.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428126/; classtype:trojan-activity;sid:81291226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/common_jrvxlaadg_9kpqzmawr9c2/close_profile/2s3odxwjrt_x9087/"; depth:71; endswith; http.host; content:"eva-sendana.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428125/; classtype:trojan-activity;sid:81291225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/docs/"; depth:17; endswith; http.host; content:"moraniz.co.il"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428124/; classtype:trojan-activity;sid:81291224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/0tsbi3-plp2-634304/"; depth:29; endswith; http.host; content:"rocket.alfonsocatron.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428123/; classtype:trojan-activity;sid:81291223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpdhg/private-hzzs-kzqlc95i/interior-cloud/xat680wr-32suyu0t75w0/"; depth:66; endswith; http.host; content:"chiswick.insistar.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428122/; classtype:trojan-activity;sid:81291222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/scan/nauuimii/iex09w165388519089dde467yrowd8qtep00c/"; depth:72; endswith; http.host; content:"ufs.pivotroots.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428121/; classtype:trojan-activity;sid:81291221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quotation.exe"; depth:14; endswith; http.host; content:"brandotoday.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428120/; classtype:trojan-activity;sid:81291220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/wo0l4zve20/72jomymy8f9m/jxoc684024506368ssdr790gm6qls/"; depth:72; endswith; http.host; content:"nusasarana.id"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428119/; classtype:trojan-activity;sid:81291219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsfdx/open-disk/interior-warehouse/214598-j6a7ai8lpgzk/"; depth:56; endswith; http.host; content:"types-magazine.architektur.tu-berlin.de"; depth:39; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428118/; classtype:trojan-activity;sid:81291218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/polmnz/"; depth:15; endswith; http.host; content:"dimentec.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428117/; classtype:trojan-activity;sid:81291217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/cvs-l79a5-351/"; depth:26; endswith; http.host; content:"sushigarden.it"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428116/; classtype:trojan-activity;sid:81291216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/scan/spva5o8er3/"; depth:28; endswith; http.host; content:"lovebtp.com.tw"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428115/; classtype:trojan-activity;sid:81291215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/um2an4zn7ftqp7r-ouvj-659859117-cgsdu/verifiable-profile/6024686812-hva87uqbbo/"; depth:90; endswith; http.host; content:"hsayatirim.com.tr"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428114/; classtype:trojan-activity;sid:81291214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/swift/0n481wbvv6s/"; depth:28; endswith; http.host; content:"chanquang.site"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428113/; classtype:trojan-activity;sid:81291213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/overview/d1mmyx48/"; depth:27; endswith; http.host; content:"cachacarianortedeminas.com.br"; depth:29; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428112/; classtype:trojan-activity;sid:81291212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngtjh/closed_72y71rdy_pgogksd6/7675915_cjefhimmphlt_space/fevzw4ug_mkafykiysepj6d/"; depth:83; endswith; http.host; content:"rhiannondoyle.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428111/; classtype:trojan-activity;sid:81291211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/lm/"; depth:9; endswith; http.host; content:"ticket.lowvoltage.ro"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428110/; classtype:trojan-activity;sid:81291210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcbv/common_resource/additional_area/6y9hae_jlicjp63qy/"; depth:56; endswith; http.host; content:"anime-station.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428109/; classtype:trojan-activity;sid:81291209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/491c439a07fa4deb480951c51a6b138b/xmlv/"; depth:39; endswith; http.host; content:"basmahane.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428108/; classtype:trojan-activity;sid:81291208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zdaok/dmcvcbzat/"; depth:17; endswith; http.host; content:"stellamega-citycantho.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428107/; classtype:trojan-activity;sid:81291207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/dvsf/"; depth:17; endswith; http.host; content:"bajukuindonesia.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428106/; classtype:trojan-activity;sid:81291206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qec/obxzqo/"; depth:12; endswith; http.host; content:"karafarinsho.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428105/; classtype:trojan-activity;sid:81291205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yrn5/imgngc/"; depth:13; endswith; http.host; content:"letian.io"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428104/; classtype:trojan-activity;sid:81291204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/multifunctional-section/individual-portal/mrgfoofzn5rn1ga-1yts28z69z6/"; depth:83; endswith; http.host; content:"wmzart.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428103/; classtype:trojan-activity;sid:81291203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/overview/5z1qlkm9/i9ugw64169394xqmpghzp7qm/"; depth:55; endswith; http.host; content:"houseofart.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428102/; classtype:trojan-activity;sid:81291202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oqlud/available_module/verified_tbv1_z45lgrjmfwt/qejdydiqp_89wz3w9vvwu/"; depth:72; endswith; http.host; content:"ccediting.ca"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428101/; classtype:trojan-activity;sid:81291201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/kr9ulahveb0v/77z948606820n75vvv5dsvemg/"; depth:54; endswith; http.host; content:"123didulich.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428100/; classtype:trojan-activity;sid:81291200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocmms/closed-vsnj4sz-w2hwk5r/verified-kzeqqdu-8wireslbmslphn/nmoular2r-cjbf8inxg88bq/"; depth:86; endswith; http.host; content:"comaysaigon.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428099/; classtype:trojan-activity;sid:81291199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txceo/0286280208/r7a38h80458056403bzmzwgf9b144ea0d/"; depth:52; endswith; http.host; content:"realprevention.org"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428098/; classtype:trojan-activity;sid:81291198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afscs/available_sector/individual_59394360988_fbkwxw4xmvc/5ikqv8pd0ao6p_380u4930/"; depth:82; endswith; http.host; content:"lmsupermarket.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428097/; classtype:trojan-activity;sid:81291197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/cpjnfhdjz/"; depth:20; endswith; http.host; content:"lowvoltage.ro"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428096/; classtype:trojan-activity;sid:81291196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/inc/"; depth:14; endswith; http.host; content:"wordpress.redtaro.cn"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428095/; classtype:trojan-activity;sid:81291195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/po5jw/"; depth:16; endswith; http.host; content:"rcacal.itulstaging.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428094/; classtype:trojan-activity;sid:81291194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ratqc/vmtd48/"; depth:14; endswith; http.host; content:"baulamusic.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428093/; classtype:trojan-activity;sid:81291193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urpvz/gvlr7m5o11/"; depth:18; endswith; http.host; content:"corazonesalmar.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428092/; classtype:trojan-activity;sid:81291192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/z32/"; depth:13; endswith; http.host; content:"author.ledgr.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428091/; classtype:trojan-activity;sid:81291191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/flkibm/"; depth:17; endswith; http.host; content:"zcly.cn"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428090/; classtype:trojan-activity;sid:81291190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/payment/8o4054361916emn7j49of5zb3bgzbw29zx/"; depth:53; endswith; http.host; content:"jkshaonv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428089/; classtype:trojan-activity;sid:81291189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/multifunctional-id7m0-wnzc566ozxnq/709274-5v2nrk-kc5rrrnqb-zocwhqlp/9doqoo-vz5v64w01791x/"; depth:101; endswith; http.host; content:"ledgr.xyz"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428088/; classtype:trojan-activity;sid:81291188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/jrm371486997473cgnl93ho704/"; depth:44; endswith; http.host; content:"nhattan.online"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428087/; classtype:trojan-activity;sid:81291187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ucexport=download|7c|26|7c|id=1tgpkinkmh7ssfvef9u1r_pbf6qpesrv9"; depth:64; endswith; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428086/; classtype:trojan-activity;sid:81291186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/4w464uksa_4qgyqbrj_36338366_gk0lfvzxu3gzr5/security_area/077293438_vywsykfifgqw4ss/"; depth:95; endswith; http.host; content:"odishaculture.in"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428085/; classtype:trojan-activity;sid:81291185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmzdl/swift/ur6i6yt/"; depth:21; endswith; http.host; content:"findcheap.com.au"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428084/; classtype:trojan-activity;sid:81291184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/kiganet.x86"; depth:56; endswith; http.host; content:"93.157.62.102"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428083/; classtype:trojan-activity;sid:81291183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmaowtf/loligang.x86"; depth:21; endswith; http.host; content:"167.172.135.203"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428082/; classtype:trojan-activity;sid:81291182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.x86"; depth:25; endswith; http.host; content:"163.172.113.234"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428081/; classtype:trojan-activity;sid:81291181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hilix.x86"; depth:15; endswith; http.host; content:"164.90.229.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428080/; classtype:trojan-activity;sid:81291180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; http.host; content:"45.143.223.7"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428079/; classtype:trojan-activity;sid:81291179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razor/r4z0r.x86"; depth:16; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428078/; classtype:trojan-activity;sid:81291178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/federalagency.x86"; depth:23; endswith; http.host; content:"45.95.235.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428077/; classtype:trojan-activity;sid:81291177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thqsi/parts_service/kkg6esa328137022966yzl2y35iz668wkksk/"; depth:58; endswith; http.host; content:"gloect.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428076/; classtype:trojan-activity;sid:81291176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-snapshots/lm/kjpoheq/br1q7458291430703782879gp5zoz6ers532vjjnmb/"; depth:68; endswith; http.host; content:"hsu-managementsystems.nl"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428075/; classtype:trojan-activity;sid:81291175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s0zhchvfbq/public/"; depth:19; endswith; http.host; content:"nasianje.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428074/; classtype:trojan-activity;sid:81291174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/overview/k00ign/"; depth:26; endswith; http.host; content:"guanhengguandao.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428073/; classtype:trojan-activity;sid:81291173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xrwdk/sf4xx9w/"; depth:15; endswith; http.host; content:"nancymthompson.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428072/; classtype:trojan-activity;sid:81291172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/oil7_483z_f/"; depth:22; endswith; http.host; content:"xs-xl.cn"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428071/; classtype:trojan-activity;sid:81291171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/euxc_51bv_aozo1mk/"; depth:28; endswith; http.host; content:"blog.nucleoevent.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428070/; classtype:trojan-activity;sid:81291170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmctq/5r_yz7_gafgjvu/"; depth:22; endswith; http.host; content:"robimentheos.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428069/; classtype:trojan-activity;sid:81291169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/8t12_03_vz8pzyfhky/"; depth:31; endswith; http.host; content:"remt-standart.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428068/; classtype:trojan-activity;sid:81291168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/lz3_72_s/"; depth:21; endswith; http.host; content:"byuro-perevodov.su"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428067/; classtype:trojan-activity;sid:81291167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-snapshots/swift/9namv22v3q/5drio47977921996077mvlm3nwdtj27z7/"; depth:65; endswith; http.host; content:"shahrarasweet.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428066/; classtype:trojan-activity;sid:81291166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/settingo/scan/07ezlhjoipe/cqxrgn418603135127806co9wvvwizp5uxh/"; depth:63; endswith; http.host; content:"weare.academicpositions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428065/; classtype:trojan-activity;sid:81291165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.11.12.43"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428064/; classtype:trojan-activity;sid:81291164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.236.18.229"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428063/; classtype:trojan-activity;sid:81291163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.93.224.231"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428062/; classtype:trojan-activity;sid:81291162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.243.246"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428061/; classtype:trojan-activity;sid:81291161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.244.215.96"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428060/; classtype:trojan-activity;sid:81291160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.110.123.213"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428059/; classtype:trojan-activity;sid:81291159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"183.203.157.188"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428058/; classtype:trojan-activity;sid:81291158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.233.158.143"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428057/; classtype:trojan-activity;sid:81291157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"36.33.129.37"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428056/; classtype:trojan-activity;sid:81291156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.39.35.90"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428055/; classtype:trojan-activity;sid:81291155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl2a.exe"; depth:9; endswith; http.host; content:"4bec.org"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428054/; classtype:trojan-activity;sid:81291154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/xdw98prrad3uhas/eximex-lahetysasiakirjat.7z/file"; depth:54; endswith; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428053/; classtype:trojan-activity;sid:81291153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ucexport=download|7c|26|7c|id=1-36xz7tpv6bxtptfes4l534xidawumgv"; depth:64; endswith; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428052/; classtype:trojan-activity;sid:81291152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prfedwj/reporting/mharocwvhfqf/"; depth:32; endswith; http.host; content:"proitservice.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428051/; classtype:trojan-activity;sid:81291151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/file/"; depth:9; endswith; http.host; content:"slimover55.club"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428050/; classtype:trojan-activity;sid:81291150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/etrac/nxqnmpjx0ut3/"; depth:29; endswith; http.host; content:"faujimart.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428049/; classtype:trojan-activity;sid:81291149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.114.95.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428048/; classtype:trojan-activity;sid:81291148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.63.121"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428047/; classtype:trojan-activity;sid:81291147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.233.237.38"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428046/; classtype:trojan-activity;sid:81291146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.69.185.91"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428045/; classtype:trojan-activity;sid:81291145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.146.249.71"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428044/; classtype:trojan-activity;sid:81291144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"92.54.237.237"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428043/; classtype:trojan-activity;sid:81291143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428042/; classtype:trojan-activity;sid:81291142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428041/; classtype:trojan-activity;sid:81291141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428040/; classtype:trojan-activity;sid:81291140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428039/; classtype:trojan-activity;sid:81291139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428038/; classtype:trojan-activity;sid:81291138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428037/; classtype:trojan-activity;sid:81291137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.45.89"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428036/; classtype:trojan-activity;sid:81291136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"120.69.168.21"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428035/; classtype:trojan-activity;sid:81291135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.123.56"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428034/; classtype:trojan-activity;sid:81291134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.202.78.116"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428033/; classtype:trojan-activity;sid:81291133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.123.47.238"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428032/; classtype:trojan-activity;sid:81291132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.211.209"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428031/; classtype:trojan-activity;sid:81291131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"216.180.117.134"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428030/; classtype:trojan-activity;sid:81291130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"122.230.201.34"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428029/; classtype:trojan-activity;sid:81291129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.240.54"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428028/; classtype:trojan-activity;sid:81291128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.114.95.60"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428027/; classtype:trojan-activity;sid:81291127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.104.229.213"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428026/; classtype:trojan-activity;sid:81291126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/banuelos.mansanz.es/bio-5b5l6-61981/"; depth:37; endswith; http.host; content:"mansanz.es"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428025/; classtype:trojan-activity;sid:81291125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/email/werkspot/035waf1-ji8-09/"; depth:31; endswith; http.host; content:"chunkagency.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428024/; classtype:trojan-activity;sid:81291124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuentes/w3-jcv6-0375/"; depth:22; endswith; http.host; content:"www.doblementa.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428023/; classtype:trojan-activity;sid:81291123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/krvte-53-220653/"; depth:26; endswith; http.host; content:"pescataminuta.es"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428022/; classtype:trojan-activity;sid:81291122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup/mi60-je-86/"; depth:19; endswith; http.host; content:"mgbryant.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428021/; classtype:trojan-activity;sid:81291121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/esp/gkh96px4g19//"; depth:26; endswith; http.host; content:"www.yeumoitruong.vn"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428020/; classtype:trojan-activity;sid:81291120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ar/doc//"; depth:9; endswith; http.host; content:"www.aistidafa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428019/; classtype:trojan-activity;sid:81291119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyvbeljk4y/qvwiehs/ow99v8480931146487wpb0u8tcdh/"; depth:49; endswith; http.host; content:"komisior.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428018/; classtype:trojan-activity;sid:81291118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1080/report//"; depth:14; endswith; http.host; content:"backroom.co.nz"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428017/; classtype:trojan-activity;sid:81291117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/payment/qqeb30/"; depth:24; endswith; http.host; content:"shadarabia.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428016/; classtype:trojan-activity;sid:81291116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setupconfigo/lm/"; depth:17; endswith; http.host; content:"onefacilitysolutions.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428015/; classtype:trojan-activity;sid:81291115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mangiare/releases/oct/ar9itl6t50/5666971937cuix4c32/"; depth:53; endswith; http.host; content:"netdobrasil.net"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428014/; classtype:trojan-activity;sid:81291114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/invoice/y6sl5s/"; depth:21; endswith; http.host; content:"lokeshullamkecskemet.hu"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428013/; classtype:trojan-activity;sid:81291113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/payment/n27j435184836830zkr2t5d8loemooj/"; depth:53; endswith; http.host; content:"limpio.ba"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428012/; classtype:trojan-activity;sid:81291112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/payment/"; depth:16; endswith; http.host; content:"kor-network.de"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428011/; classtype:trojan-activity;sid:81291111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/includes/parts_service/tb5r0epqp9d/"; depth:47; endswith; http.host; content:"knightlycomputing.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428010/; classtype:trojan-activity;sid:81291110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/document/r5c1arpf/"; depth:28; endswith; http.host; content:"kappetijn.eu"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428009/; classtype:trojan-activity;sid:81291109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/done/page/css/3864924//"; depth:24; endswith; http.host; content:"imaspro.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428008/; classtype:trojan-activity;sid:81291108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/backup-1441643750-wp-admin/19i3zj98/2m48172795825417e3ammwb6s2tqe/"; depth:67; endswith; http.host; content:"gatewaycentrechurch.org"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428007/; classtype:trojan-activity;sid:81291107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/yopy26eytho/t8831033702902096n9lyiobpbxdoxwo/"; depth:54; endswith; http.host; content:"cistilniservis-t530.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428006/; classtype:trojan-activity;sid:81291106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sites/pages/invoice/ozypbu18/"; depth:30; endswith; http.host; content:"campdevanol.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428005/; classtype:trojan-activity;sid:81291105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bavi/paclm/"; depth:12; endswith; http.host; content:"cali.de"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428004/; classtype:trojan-activity;sid:81291104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/-/97429/ag0o2rz/fe0e02405426491588mi2esugoa1/"; depth:46; endswith; http.host; content:"briffe.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428003/; classtype:trojan-activity;sid:81291103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ag6884ym/"; depth:18; endswith; http.host; content:"bangkokcityjewel.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428002/; classtype:trojan-activity;sid:81291102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cli/document/kmyshbn0/"; depth:23; endswith; http.host; content:"asholbazar.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428001/; classtype:trojan-activity;sid:81291101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/protected-section/verified-area/pkik2g-y74u7y7u692v89/"; depth:63; endswith; http.host; content:"www.rbrandguitars.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/428000/; classtype:trojan-activity;sid:81291100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/multifunctional_disk/verifiable_profile/qifxfsfmcczu_59mih4lqmnlg6/"; depth:72; endswith; http.host; content:"web-host.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427999/; classtype:trojan-activity;sid:81291099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/certificates/protected-module/237q9v-3t9dtf4zrq-2925059-ewkyfjj/kjdv6pfyt-2ol1l5g610/"; depth:86; endswith; http.host; content:"wb0rur.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427998/; classtype:trojan-activity;sid:81291098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/common_05558348513_0wjmxejdehh/verifiable_1956938_viclkyny6cjiief/569081029682_jkkp8lp8sh/"; depth:98; endswith; http.host; content:"reperf.cl"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427997/; classtype:trojan-activity;sid:81291097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theme/protected-zone/external-warehouse/80988493564-zqxnln/"; depth:60; endswith; http.host; content:"josegene.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427996/; classtype:trojan-activity;sid:81291096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.148.46"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427995/; classtype:trojan-activity;sid:81291095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.78.218"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427994/; classtype:trojan-activity;sid:81291094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.41.59"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427993/; classtype:trojan-activity;sid:81291093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.27.74"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427992/; classtype:trojan-activity;sid:81291092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.235.46.19"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427991/; classtype:trojan-activity;sid:81291091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hemi.x86"; depth:14; endswith; http.host; content:"185.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427990/; classtype:trojan-activity;sid:81291090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hemi.mpsl"; depth:15; endswith; http.host; content:"185.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427989/; classtype:trojan-activity;sid:81291089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hemi.mips"; depth:15; endswith; http.host; content:"185.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427988/; classtype:trojan-activity;sid:81291088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hemi.arm6"; depth:15; endswith; http.host; content:"185.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427987/; classtype:trojan-activity;sid:81291087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hemi.arm5"; depth:15; endswith; http.host; content:"185.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427986/; classtype:trojan-activity;sid:81291086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hemi.arm"; depth:14; endswith; http.host; content:"185.172.110.189"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427985/; classtype:trojan-activity;sid:81291085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.146.227.45"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427984/; classtype:trojan-activity;sid:81291084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.243.189.236"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427983/; classtype:trojan-activity;sid:81291083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.81.96.70"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427982/; classtype:trojan-activity;sid:81291082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//arm"; depth:10; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427981/; classtype:trojan-activity;sid:81291081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427980/; classtype:trojan-activity;sid:81291080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427979/; classtype:trojan-activity;sid:81291079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427978/; classtype:trojan-activity;sid:81291078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427977/; classtype:trojan-activity;sid:81291077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.ghoul"; depth:13; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427976/; classtype:trojan-activity;sid:81291076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427975/; classtype:trojan-activity;sid:81291075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.ghoul"; depth:13; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427974/; classtype:trojan-activity;sid:81291074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427973/; classtype:trojan-activity;sid:81291073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.ghoul"; depth:13; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427972/; classtype:trojan-activity;sid:81291072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.ghoul"; depth:13; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427971/; classtype:trojan-activity;sid:81291071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427970/; classtype:trojan-activity;sid:81291070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.ghoul"; depth:14; endswith; http.host; content:"185.206.93.87"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427969/; classtype:trojan-activity;sid:81291069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.x86"; depth:17; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427968/; classtype:trojan-activity;sid:81291068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.spc"; depth:17; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427967/; classtype:trojan-activity;sid:81291067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.sh4"; depth:17; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427966/; classtype:trojan-activity;sid:81291066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.ppc"; depth:17; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427965/; classtype:trojan-activity;sid:81291065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.mpsl"; depth:18; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427964/; classtype:trojan-activity;sid:81291064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.mips"; depth:18; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427963/; classtype:trojan-activity;sid:81291063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.m68k"; depth:18; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427962/; classtype:trojan-activity;sid:81291062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm7"; depth:18; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427961/; classtype:trojan-activity;sid:81291061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm6"; depth:18; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427960/; classtype:trojan-activity;sid:81291060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm5"; depth:18; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427959/; classtype:trojan-activity;sid:81291059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/meerkat.arm"; depth:17; endswith; http.host; content:"185.172.110.186"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427958/; classtype:trojan-activity;sid:81291058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.20.30"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427957/; classtype:trojan-activity;sid:81291057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.218.18.156"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427956/; classtype:trojan-activity;sid:81291056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.53.178"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427955/; classtype:trojan-activity;sid:81291055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.85.245"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427954/; classtype:trojan-activity;sid:81291054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.96.88"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427953/; classtype:trojan-activity;sid:81291053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.177.251"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427952/; classtype:trojan-activity;sid:81291052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.143.32.59"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427951/; classtype:trojan-activity;sid:81291051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.39.53.40"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427950/; classtype:trojan-activity;sid:81291050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.85.54.87"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427949/; classtype:trojan-activity;sid:81291049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.134.185.11"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427948/; classtype:trojan-activity;sid:81291048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.242.59.153"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427947/; classtype:trojan-activity;sid:81291047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.36.146"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427946/; classtype:trojan-activity;sid:81291046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.226.235.103"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427945/; classtype:trojan-activity;sid:81291045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.47.69"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427944/; classtype:trojan-activity;sid:81291044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.36.224"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427943/; classtype:trojan-activity;sid:81291043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.132.144.233"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427942/; classtype:trojan-activity;sid:81291042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.235.210.109"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427941/; classtype:trojan-activity;sid:81291041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.87.170.80"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427940/; classtype:trojan-activity;sid:81291040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.132.144.21"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427939/; classtype:trojan-activity;sid:81291039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.134.185.230"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427938/; classtype:trojan-activity;sid:81291038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.226.211.144"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427937/; classtype:trojan-activity;sid:81291037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.147.83"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427936/; classtype:trojan-activity;sid:81291036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3307"; depth:5; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427935/; classtype:trojan-activity;sid:81291035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3306"; depth:5; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427934/; classtype:trojan-activity;sid:81291034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/443"; depth:4; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427933/; classtype:trojan-activity;sid:81291033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53"; depth:3; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427932/; classtype:trojan-activity;sid:81291032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23"; depth:3; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427931/; classtype:trojan-activity;sid:81291031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21"; depth:3; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427930/; classtype:trojan-activity;sid:81291030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.76"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427929/; classtype:trojan-activity;sid:81291029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.124.58"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427928/; classtype:trojan-activity;sid:81291028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.246.184"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427927/; classtype:trojan-activity;sid:81291027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.122.62.35"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427926/; classtype:trojan-activity;sid:81291026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.7.74"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427925/; classtype:trojan-activity;sid:81291025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.246.178"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427924/; classtype:trojan-activity;sid:81291024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.199.175"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427923/; classtype:trojan-activity;sid:81291023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.146.115.114"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427922/; classtype:trojan-activity;sid:81291022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"223.93.171.210"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427921/; classtype:trojan-activity;sid:81291021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc"; depth:56; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427920/; classtype:trojan-activity;sid:81291020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.spc"; depth:56; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427919/; classtype:trojan-activity;sid:81291019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4"; depth:56; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427918/; classtype:trojan-activity;sid:81291018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl"; depth:57; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427917/; classtype:trojan-activity;sid:81291017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips"; depth:57; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427916/; classtype:trojan-activity;sid:81291016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k"; depth:57; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427915/; classtype:trojan-activity;sid:81291015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7"; depth:57; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427914/; classtype:trojan-activity;sid:81291014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6"; depth:57; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427913/; classtype:trojan-activity;sid:81291013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5"; depth:57; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427912/; classtype:trojan-activity;sid:81291012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm"; depth:56; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427911/; classtype:trojan-activity;sid:81291011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.ppc"; depth:18; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427910/; classtype:trojan-activity;sid:81291010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.spc"; depth:18; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427909/; classtype:trojan-activity;sid:81291009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.sh4"; depth:18; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427908/; classtype:trojan-activity;sid:81291008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.mpsl"; depth:19; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427907/; classtype:trojan-activity;sid:81291007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.mips"; depth:19; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427906/; classtype:trojan-activity;sid:81291006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.m68k"; depth:19; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427905/; classtype:trojan-activity;sid:81291005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.arm7"; depth:19; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427904/; classtype:trojan-activity;sid:81291004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.arm6"; depth:19; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427903/; classtype:trojan-activity;sid:81291003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.arm5"; depth:19; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427902/; classtype:trojan-activity;sid:81291002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.arm"; depth:18; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427901/; classtype:trojan-activity;sid:81291001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jkira.x86"; depth:15; endswith; http.host; content:"45.95.168.118"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427900/; classtype:trojan-activity;sid:81291000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmaowtf/loligang.x86"; depth:21; endswith; http.host; content:"45.77.60.245"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427899/; classtype:trojan-activity;sid:81290999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86"; depth:56; endswith; http.host; content:"194.87.138.126"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427898/; classtype:trojan-activity;sid:81290998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandoras_box/pandora.x86"; depth:25; endswith; http.host; content:"37.49.224.9"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427897/; classtype:trojan-activity;sid:81290997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hoho.x86"; depth:14; endswith; http.host; content:"172.104.167.153"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427896/; classtype:trojan-activity;sid:81290996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmaowtf/loligang.x86"; depth:21; endswith; http.host; content:"95.216.186.197"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427895/; classtype:trojan-activity;sid:81290995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corret/c0rret.x86"; depth:18; endswith; http.host; content:"51.15.79.163"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427894/; classtype:trojan-activity;sid:81290994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scylla.sh"; depth:10; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427893/; classtype:trojan-activity;sid:81290993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.arm7"; depth:42; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427892/; classtype:trojan-activity;sid:81290992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.arm6"; depth:42; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427891/; classtype:trojan-activity;sid:81290991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.arm5"; depth:42; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427890/; classtype:trojan-activity;sid:81290990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.arm"; depth:41; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427889/; classtype:trojan-activity;sid:81290989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.ppc"; depth:41; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427888/; classtype:trojan-activity;sid:81290988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.spc"; depth:41; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427887/; classtype:trojan-activity;sid:81290987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.m68k"; depth:42; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427886/; classtype:trojan-activity;sid:81290986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.sh4"; depth:41; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427885/; classtype:trojan-activity;sid:81290985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.mpsl"; depth:42; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427884/; classtype:trojan-activity;sid:81290984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.mips"; depth:42; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427883/; classtype:trojan-activity;sid:81290983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuckmalwareresearchers/fuckintoaster.x86"; depth:41; endswith; http.host; content:"45.95.168.247"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427882/; classtype:trojan-activity;sid:81290982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.221.251.147"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427881/; classtype:trojan-activity;sid:81290981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.20.159"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427880/; classtype:trojan-activity;sid:81290980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.114.77.193"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427879/; classtype:trojan-activity;sid:81290979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.67.89.40"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427878/; classtype:trojan-activity;sid:81290978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"218.21.170.249"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427877/; classtype:trojan-activity;sid:81290977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.15.224"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427876/; classtype:trojan-activity;sid:81290976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.26.12.213"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427875/; classtype:trojan-activity;sid:81290975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.24.177"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427874/; classtype:trojan-activity;sid:81290974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.146.115.147"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427873/; classtype:trojan-activity;sid:81290973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.52.164.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427872/; classtype:trojan-activity;sid:81290972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.126"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427871/; classtype:trojan-activity;sid:81290971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"5.152.0.200"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427870/; classtype:trojan-activity;sid:81290970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.33.136"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427869/; classtype:trojan-activity;sid:81290969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgfaf.sh"; depth:9; endswith; http.host; content:"185.172.111.202"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427868/; classtype:trojan-activity;sid:81290968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/testing.spc"; depth:17; endswith; http.host; content:"185.172.111.202"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427867/; classtype:trojan-activity;sid:81290967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.51.185"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427866/; classtype:trojan-activity;sid:81290966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.247.233"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427865/; classtype:trojan-activity;sid:81290965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.226.82.119"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427864/; classtype:trojan-activity;sid:81290964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"94.43.139.49"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427863/; classtype:trojan-activity;sid:81290963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.120.79.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_09; reference:url, urlhaus.abuse.ch/url/427862/; classtype:trojan-activity;sid:81290962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8000"; depth:5; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427861/; classtype:trojan-activity;sid:81290961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8080"; depth:5; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427860/; classtype:trojan-activity;sid:81290960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3309"; depth:5; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427859/; classtype:trojan-activity;sid:81290959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3308"; depth:5; endswith; http.host; content:"98.159.110.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427858/; classtype:trojan-activity;sid:81290958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/x86"; depth:11; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427857/; classtype:trojan-activity;sid:81290957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/sh4"; depth:11; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427856/; classtype:trojan-activity;sid:81290956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/ppc"; depth:11; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427855/; classtype:trojan-activity;sid:81290955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/mpsl"; depth:12; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427854/; classtype:trojan-activity;sid:81290954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/mips"; depth:12; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427853/; classtype:trojan-activity;sid:81290953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/m68k"; depth:12; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427852/; classtype:trojan-activity;sid:81290952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/arm7"; depth:12; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427851/; classtype:trojan-activity;sid:81290951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/arm6"; depth:12; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427850/; classtype:trojan-activity;sid:81290950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/arm5"; depth:12; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427849/; classtype:trojan-activity;sid:81290949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/adb/arm"; depth:11; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427848/; classtype:trojan-activity;sid:81290948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"94.43.101.226"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427847/; classtype:trojan-activity;sid:81290947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.104"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427846/; classtype:trojan-activity;sid:81290946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.63.159.220"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427845/; classtype:trojan-activity;sid:81290945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.123.170.142"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427844/; classtype:trojan-activity;sid:81290944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"118.42.233.90"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427843/; classtype:trojan-activity;sid:81290943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"110.155.217.44"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427842/; classtype:trojan-activity;sid:81290942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.20.55"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427841/; classtype:trojan-activity;sid:81290941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.179.216"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427840/; classtype:trojan-activity;sid:81290940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"125.104.242.33"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427839/; classtype:trojan-activity;sid:81290939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.117.189.23"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427838/; classtype:trojan-activity;sid:81290938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invoice.exe"; depth:12; endswith; http.host; content:"shopphongtinh.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427837/; classtype:trojan-activity;sid:81290937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.85.218"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427836/; classtype:trojan-activity;sid:81290936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.73.242"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427835/; classtype:trojan-activity;sid:81290935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.73.233"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427834/; classtype:trojan-activity;sid:81290934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.167.53"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427833/; classtype:trojan-activity;sid:81290933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"199.83.200.220"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427832/; classtype:trojan-activity;sid:81290932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.78.210"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427831/; classtype:trojan-activity;sid:81290931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.221.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427830/; classtype:trojan-activity;sid:81290930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.229.199.57"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427829/; classtype:trojan-activity;sid:81290929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.74.186.176"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427828/; classtype:trojan-activity;sid:81290928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"162.212.115.159"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427827/; classtype:trojan-activity;sid:81290927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"195.214.252.110"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427826/; classtype:trojan-activity;sid:81290926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.123.109.137"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427825/; classtype:trojan-activity;sid:81290925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.78.117.85"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427824/; classtype:trojan-activity;sid:81290924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"178.134.185.178"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427823/; classtype:trojan-activity;sid:81290923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//x86"; depth:10; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427822/; classtype:trojan-activity;sid:81290922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/m_u8_iv41d84ow/"; depth:25; endswith; http.host; content:"skydiarynepal.org"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427821/; classtype:trojan-activity;sid:81290921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"199.83.203.202"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427820/; classtype:trojan-activity;sid:81290920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.113.161.95"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427819/; classtype:trojan-activity;sid:81290919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.39.9.76"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427818/; classtype:trojan-activity;sid:81290918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.204.165"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427817/; classtype:trojan-activity;sid:81290917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.20.6"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427816/; classtype:trojan-activity;sid:81290916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"110.155.50.16"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427815/; classtype:trojan-activity;sid:81290915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadcid=b9e0bf86d3bee8e7|7c|26|7c|resid=b9e0bf86d3bee8e7%21189|7c|26|7c|authkey=agaoq4of9yuqxqe"; depth:100; endswith; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427814/; classtype:trojan-activity;sid:81290914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eternal_dropper.exe"; depth:20; endswith; http.host; content:"cnc.cyberwex.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427813/; classtype:trojan-activity;sid:81290913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erros/private_0276053_qflkbh/test_6mtph_rktg3/642861349_vr4hpomhkd1fl7q/"; depth:73; endswith; http.host; content:"mrveggy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427812/; classtype:trojan-activity;sid:81290912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/spdij5/"; depth:22; endswith; http.host; content:"www.welcomehouse.ca"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427811/; classtype:trojan-activity;sid:81290911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/e2ky_18j8_wn4v/"; depth:25; endswith; http.host; content:"vandamebuilders.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427810/; classtype:trojan-activity;sid:81290910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.30.243"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427809/; classtype:trojan-activity;sid:81290909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.97.157.252"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427808/; classtype:trojan-activity;sid:81290908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.5.30.14"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427807/; classtype:trojan-activity;sid:81290907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.221.251.102"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427806/; classtype:trojan-activity;sid:81290906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.124.17"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427805/; classtype:trojan-activity;sid:81290905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"101.108.176.50"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427804/; classtype:trojan-activity;sid:81290904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.45.140"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427803/; classtype:trojan-activity;sid:81290903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.52.251"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427802/; classtype:trojan-activity;sid:81290902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.49.156.167"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427801/; classtype:trojan-activity;sid:81290901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgftp/7caivw0-i3p-546467/"; depth:26; endswith; http.host; content:"www.choweng.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427800/; classtype:trojan-activity;sid:81290900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/turismo/jrepilbqm/"; depth:19; endswith; http.host; content:"cearacultural.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427799/; classtype:trojan-activity;sid:81290899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/fspv-2e4-1235/"; depth:19; endswith; http.host; content:"tewoerd.eu"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427798/; classtype:trojan-activity;sid:81290898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.149.240.44"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427797/; classtype:trojan-activity;sid:81290897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.45.115"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427796/; classtype:trojan-activity;sid:81290896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.124.61"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427795/; classtype:trojan-activity;sid:81290895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.201.40.66"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427794/; classtype:trojan-activity;sid:81290894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.116.40.133"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427793/; classtype:trojan-activity;sid:81290893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"5.152.0.120"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427792/; classtype:trojan-activity;sid:81290892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/private-r5243jcgn-r8tjpnzf7nxu6jue/additional-space/8jds1rrj-d2bh6r4enx/"; depth:78; endswith; http.host; content:"www.greaudstudio.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427791/; classtype:trojan-activity;sid:81290891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"171.40.183.40"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427790/; classtype:trojan-activity;sid:81290890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"58.243.121.200"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427789/; classtype:trojan-activity;sid:81290889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.52.189.11"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427788/; classtype:trojan-activity;sid:81290888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/search/swift/"; depth:14; endswith; http.host; content:"114tv.cc"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_08; reference:url, urlhaus.abuse.ch/url/427787/; classtype:trojan-activity;sid:81290887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/search/file/shr0tqb/"; depth:21; endswith; http.host; content:"xin4080.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427786/; classtype:trojan-activity;sid:81290886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/etrac/zxw54x7781161974w6u9zcelwtp9apy/"; depth:47; endswith; http.host; content:"txadopteerights.org"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427785/; classtype:trojan-activity;sid:81290885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/swift/"; depth:16; endswith; http.host; content:"thedp.org"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427784/; classtype:trojan-activity;sid:81290884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/scan/"; depth:15; endswith; http.host; content:"www.ittzz.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427783/; classtype:trojan-activity;sid:81290883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/document/"; depth:19; endswith; http.host; content:"www.eduask2020.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427782/; classtype:trojan-activity;sid:81290882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/document/xthm5km/"; depth:29; endswith; http.host; content:"damoshushu.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427781/; classtype:trojan-activity;sid:81290881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/payment/c3zxls85m/"; depth:30; endswith; http.host; content:"26v.cn"; depth:6; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427780/; classtype:trojan-activity;sid:81290880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/balance/k2c3gul6q/"; depth:28; endswith; http.host; content:"one2site.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427779/; classtype:trojan-activity;sid:81290879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/doc/"; depth:8; endswith; http.host; content:"thaidreamhouse.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427778/; classtype:trojan-activity;sid:81290878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fcxca/4ynfhonc/"; depth:16; endswith; http.host; content:"consysteminformatica.com.br"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427777/; classtype:trojan-activity;sid:81290877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/balance/ev2q6dk/"; depth:28; endswith; http.host; content:"tranduc.net"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427776/; classtype:trojan-activity;sid:81290876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meazk4/gdy09w7a/"; depth:17; endswith; http.host; content:"secure-risk.namaskara.me"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427775/; classtype:trojan-activity;sid:81290875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins/public/skb4kx686591879sawt1mr8n0/"; depth:42; endswith; http.host; content:"violetflame.glass"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427774/; classtype:trojan-activity;sid:81290874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/190oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427773/; classtype:trojan-activity;sid:81290873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/agro.php"; depth:13; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427772/; classtype:trojan-activity;sid:81290872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/300oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427771/; classtype:trojan-activity;sid:81290871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/170oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427770/; classtype:trojan-activity;sid:81290870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/120oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427769/; classtype:trojan-activity;sid:81290869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/esp/d454amxfyb/1ck9689523059508qcaqbld8shfvnq/"; depth:56; endswith; http.host; content:"baobatdongsanonline.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427768/; classtype:trojan-activity;sid:81290868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/240oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427767/; classtype:trojan-activity;sid:81290867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/110oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427766/; classtype:trojan-activity;sid:81290866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/60oor7.exe"; depth:15; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427765/; classtype:trojan-activity;sid:81290865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/330oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427764/; classtype:trojan-activity;sid:81290864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/450oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427763/; classtype:trojan-activity;sid:81290863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/gnnjpt/"; depth:24; endswith; http.host; content:"landing.rralya.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427762/; classtype:trojan-activity;sid:81290862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/430oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427761/; classtype:trojan-activity;sid:81290861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/180oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427760/; classtype:trojan-activity;sid:81290860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/50oor7.exe"; depth:15; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427759/; classtype:trojan-activity;sid:81290859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/440oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427758/; classtype:trojan-activity;sid:81290858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/270oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427757/; classtype:trojan-activity;sid:81290857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/140oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427756/; classtype:trojan-activity;sid:81290856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/310oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427755/; classtype:trojan-activity;sid:81290855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/490oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427754/; classtype:trojan-activity;sid:81290854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/290oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427753/; classtype:trojan-activity;sid:81290853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/470oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427752/; classtype:trojan-activity;sid:81290852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/320oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427751/; classtype:trojan-activity;sid:81290851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/420oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427750/; classtype:trojan-activity;sid:81290850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/100oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427749/; classtype:trojan-activity;sid:81290849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/200oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427748/; classtype:trojan-activity;sid:81290848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/150oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427747/; classtype:trojan-activity;sid:81290847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/210oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427746/; classtype:trojan-activity;sid:81290846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/160oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427745/; classtype:trojan-activity;sid:81290845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/130oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427744/; classtype:trojan-activity;sid:81290844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/380oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427743/; classtype:trojan-activity;sid:81290843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/480oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427742/; classtype:trojan-activity;sid:81290842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/360oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427741/; classtype:trojan-activity;sid:81290841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/80oor7.exe"; depth:15; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427740/; classtype:trojan-activity;sid:81290840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/500oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427739/; classtype:trojan-activity;sid:81290839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/350oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427738/; classtype:trojan-activity;sid:81290838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/410oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427737/; classtype:trojan-activity;sid:81290837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/260oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427736/; classtype:trojan-activity;sid:81290836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/280oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427735/; classtype:trojan-activity;sid:81290835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/70oor7.exe"; depth:15; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427734/; classtype:trojan-activity;sid:81290834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/250oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427733/; classtype:trojan-activity;sid:81290833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/220oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427732/; classtype:trojan-activity;sid:81290832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/390oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427731/; classtype:trojan-activity;sid:81290831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/90oor7.exe"; depth:15; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427730/; classtype:trojan-activity;sid:81290830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/400oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427729/; classtype:trojan-activity;sid:81290829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/0oor7.exe"; depth:14; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427728/; classtype:trojan-activity;sid:81290828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/230oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427727/; classtype:trojan-activity;sid:81290827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/370oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427726/; classtype:trojan-activity;sid:81290826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/340oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427725/; classtype:trojan-activity;sid:81290825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hhg/460oor7.exe"; depth:16; endswith; http.host; content:"kourtoglou.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427724/; classtype:trojan-activity;sid:81290824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/parts_service/afy0hoc180336878121hgpl2bzjno9y6s5b/"; depth:60; endswith; http.host; content:"indoplc.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427723/; classtype:trojan-activity;sid:81290823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/e2ky_18j8_wn4v/"; depth:25; endswith; http.host; content:"vandamebuilders.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427722/; classtype:trojan-activity;sid:81290822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/report/b17892056589733xczcjkjvqctpr9v9sm/"; depth:51; endswith; http.host; content:"pusatppm.poltekkesbandung.com"; depth:29; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427721/; classtype:trojan-activity;sid:81290821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/online/90fb31/"; depth:15; endswith; http.host; content:"nilinkeji.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427720/; classtype:trojan-activity;sid:81290820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dz9mzaobu3/37z/"; depth:16; endswith; http.host; content:"amagna.nl"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427719/; classtype:trojan-activity;sid:81290819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lkx7/lqoh8s/"; depth:13; endswith; http.host; content:"scyzm.net"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427718/; classtype:trojan-activity;sid:81290818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/captchasignup/4j579681/"; depth:24; endswith; http.host; content:"uniral.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427717/; classtype:trojan-activity;sid:81290817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/prx892/"; depth:17; endswith; http.host; content:"manandvanwaterlooville.co.uk"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427716/; classtype:trojan-activity;sid:81290816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/af/llc/"; depth:8; endswith; http.host; content:"innovertec.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427715/; classtype:trojan-activity;sid:81290815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/overview/io5jxxn/bgj47y547025649713mwp5oacg8y6/"; depth:59; endswith; http.host; content:"asenagiyim.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427714/; classtype:trojan-activity;sid:81290814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/245on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427713/; classtype:trojan-activity;sid:81290813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/4on892it.exe"; depth:24; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427712/; classtype:trojan-activity;sid:81290812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/27on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427711/; classtype:trojan-activity;sid:81290811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/255on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427710/; classtype:trojan-activity;sid:81290810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/25on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427709/; classtype:trojan-activity;sid:81290809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/235on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427708/; classtype:trojan-activity;sid:81290808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/243on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427707/; classtype:trojan-activity;sid:81290807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/250on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427706/; classtype:trojan-activity;sid:81290806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/108on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427705/; classtype:trojan-activity;sid:81290805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/121on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427704/; classtype:trojan-activity;sid:81290804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/294on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427703/; classtype:trojan-activity;sid:81290803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/39on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427702/; classtype:trojan-activity;sid:81290802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/162on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427701/; classtype:trojan-activity;sid:81290801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/209on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427700/; classtype:trojan-activity;sid:81290800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/190on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427699/; classtype:trojan-activity;sid:81290799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/274on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427698/; classtype:trojan-activity;sid:81290798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/54on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427697/; classtype:trojan-activity;sid:81290797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/159on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427696/; classtype:trojan-activity;sid:81290796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/teqvm_n0yai_84/"; depth:25; endswith; http.host; content:"csmbuildersllc.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427695/; classtype:trojan-activity;sid:81290795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/fy_4bqe_zu6ew/"; depth:24; endswith; http.host; content:"deservingveterans.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427694/; classtype:trojan-activity;sid:81290794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/qawpw_v1_ghe1wmzxzc/"; depth:30; endswith; http.host; content:"luckyme247.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427693/; classtype:trojan-activity;sid:81290793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/qpfv_e_y3lk0sp6i/"; depth:22; endswith; http.host; content:"eldiosstore.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427692/; classtype:trojan-activity;sid:81290792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/16on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427691/; classtype:trojan-activity;sid:81290791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/158on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427690/; classtype:trojan-activity;sid:81290790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/153on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427689/; classtype:trojan-activity;sid:81290789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/56on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427688/; classtype:trojan-activity;sid:81290788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/20on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427687/; classtype:trojan-activity;sid:81290787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/259on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427686/; classtype:trojan-activity;sid:81290786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/healthcare.php"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427685/; classtype:trojan-activity;sid:81290785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/41on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427684/; classtype:trojan-activity;sid:81290784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/225on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427683/; classtype:trojan-activity;sid:81290783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/18on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427682/; classtype:trojan-activity;sid:81290782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/177on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427681/; classtype:trojan-activity;sid:81290781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/3on892it.exe"; depth:24; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427680/; classtype:trojan-activity;sid:81290780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/193on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427679/; classtype:trojan-activity;sid:81290779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/23on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427678/; classtype:trojan-activity;sid:81290778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/248on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427677/; classtype:trojan-activity;sid:81290777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/226on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427676/; classtype:trojan-activity;sid:81290776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/220on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427675/; classtype:trojan-activity;sid:81290775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/293on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427674/; classtype:trojan-activity;sid:81290774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/144on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427673/; classtype:trojan-activity;sid:81290773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/155on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427672/; classtype:trojan-activity;sid:81290772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/53on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427671/; classtype:trojan-activity;sid:81290771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/203on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427670/; classtype:trojan-activity;sid:81290770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/137on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427669/; classtype:trojan-activity;sid:81290769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/51on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427668/; classtype:trojan-activity;sid:81290768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/llc/"; depth:9; endswith; http.host; content:"w7.yoyoteacher.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427667/; classtype:trojan-activity;sid:81290767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/113on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427666/; classtype:trojan-activity;sid:81290766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/145on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427665/; classtype:trojan-activity;sid:81290765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/265on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427664/; classtype:trojan-activity;sid:81290764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/180on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427663/; classtype:trojan-activity;sid:81290763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/179on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427662/; classtype:trojan-activity;sid:81290762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/136on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427661/; classtype:trojan-activity;sid:81290761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/157on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427660/; classtype:trojan-activity;sid:81290760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/173on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427659/; classtype:trojan-activity;sid:81290759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/100on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427658/; classtype:trojan-activity;sid:81290758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/135on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427657/; classtype:trojan-activity;sid:81290757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/50on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427656/; classtype:trojan-activity;sid:81290756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/175on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427655/; classtype:trojan-activity;sid:81290755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/268on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427654/; classtype:trojan-activity;sid:81290754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/142on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427653/; classtype:trojan-activity;sid:81290753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/263on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427652/; classtype:trojan-activity;sid:81290752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/281on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427651/; classtype:trojan-activity;sid:81290751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/195on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427650/; classtype:trojan-activity;sid:81290750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/284on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427649/; classtype:trojan-activity;sid:81290749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/32on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427648/; classtype:trojan-activity;sid:81290748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/11on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427647/; classtype:trojan-activity;sid:81290747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/278on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427646/; classtype:trojan-activity;sid:81290746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/143on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427645/; classtype:trojan-activity;sid:81290745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/238on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427644/; classtype:trojan-activity;sid:81290744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/21on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427643/; classtype:trojan-activity;sid:81290743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/219on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427642/; classtype:trojan-activity;sid:81290742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/170on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427641/; classtype:trojan-activity;sid:81290741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/241on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427640/; classtype:trojan-activity;sid:81290740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/176on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427639/; classtype:trojan-activity;sid:81290739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/102on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427638/; classtype:trojan-activity;sid:81290738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/154on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427637/; classtype:trojan-activity;sid:81290737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/233on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427636/; classtype:trojan-activity;sid:81290736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/207on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427635/; classtype:trojan-activity;sid:81290735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/232on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427634/; classtype:trojan-activity;sid:81290734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/260on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427633/; classtype:trojan-activity;sid:81290733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/201on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427632/; classtype:trojan-activity;sid:81290732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/197on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427631/; classtype:trojan-activity;sid:81290731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/199on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427630/; classtype:trojan-activity;sid:81290730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/218on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427629/; classtype:trojan-activity;sid:81290729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/101on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427628/; classtype:trojan-activity;sid:81290728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/47on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427627/; classtype:trojan-activity;sid:81290727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/229on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427626/; classtype:trojan-activity;sid:81290726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/275on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427625/; classtype:trojan-activity;sid:81290725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/1on892it.exe"; depth:24; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427624/; classtype:trojan-activity;sid:81290724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/152on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427623/; classtype:trojan-activity;sid:81290723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/192on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427622/; classtype:trojan-activity;sid:81290722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/13on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427621/; classtype:trojan-activity;sid:81290721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/246on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427620/; classtype:trojan-activity;sid:81290720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/22on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427619/; classtype:trojan-activity;sid:81290719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/227on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427618/; classtype:trojan-activity;sid:81290718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/60on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427617/; classtype:trojan-activity;sid:81290717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/103on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427616/; classtype:trojan-activity;sid:81290716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/80on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427615/; classtype:trojan-activity;sid:81290715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/174on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427614/; classtype:trojan-activity;sid:81290714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/181on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427613/; classtype:trojan-activity;sid:81290713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/269on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427612/; classtype:trojan-activity;sid:81290712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/59on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427611/; classtype:trojan-activity;sid:81290711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/156on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427610/; classtype:trojan-activity;sid:81290710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/116on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427609/; classtype:trojan-activity;sid:81290709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/46on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427608/; classtype:trojan-activity;sid:81290708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/271on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427607/; classtype:trojan-activity;sid:81290707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/106on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427606/; classtype:trojan-activity;sid:81290706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/172on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427605/; classtype:trojan-activity;sid:81290705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/147on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427604/; classtype:trojan-activity;sid:81290704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/14on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427603/; classtype:trojan-activity;sid:81290703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/234on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427602/; classtype:trojan-activity;sid:81290702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/146on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427601/; classtype:trojan-activity;sid:81290701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/183on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427600/; classtype:trojan-activity;sid:81290700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/104on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427599/; classtype:trojan-activity;sid:81290699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/43on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427598/; classtype:trojan-activity;sid:81290698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/63on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427597/; classtype:trojan-activity;sid:81290697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/26on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427596/; classtype:trojan-activity;sid:81290696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/95on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427595/; classtype:trojan-activity;sid:81290695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/24on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427594/; classtype:trojan-activity;sid:81290694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/273on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427593/; classtype:trojan-activity;sid:81290693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/261on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427592/; classtype:trojan-activity;sid:81290692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/37on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427591/; classtype:trojan-activity;sid:81290691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/57on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427590/; classtype:trojan-activity;sid:81290690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/186on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427589/; classtype:trojan-activity;sid:81290689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/166on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427588/; classtype:trojan-activity;sid:81290688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/237on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427587/; classtype:trojan-activity;sid:81290687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/105on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427586/; classtype:trojan-activity;sid:81290686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/33on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427585/; classtype:trojan-activity;sid:81290685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/2on892it.exe"; depth:24; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427584/; classtype:trojan-activity;sid:81290684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/254on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427583/; classtype:trojan-activity;sid:81290683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/119on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427582/; classtype:trojan-activity;sid:81290682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/212on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427581/; classtype:trojan-activity;sid:81290681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/230on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427580/; classtype:trojan-activity;sid:81290680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/45on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427579/; classtype:trojan-activity;sid:81290679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/187on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427578/; classtype:trojan-activity;sid:81290678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/8on892it.exe"; depth:24; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427577/; classtype:trojan-activity;sid:81290677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/272on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427576/; classtype:trojan-activity;sid:81290676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/253on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427575/; classtype:trojan-activity;sid:81290675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/58on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427574/; classtype:trojan-activity;sid:81290674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/160on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427573/; classtype:trojan-activity;sid:81290673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/292on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427572/; classtype:trojan-activity;sid:81290672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/270on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427571/; classtype:trojan-activity;sid:81290671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/118on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427570/; classtype:trojan-activity;sid:81290670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/52on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427569/; classtype:trojan-activity;sid:81290669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/130on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427568/; classtype:trojan-activity;sid:81290668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/266on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427567/; classtype:trojan-activity;sid:81290667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/283on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427566/; classtype:trojan-activity;sid:81290666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/276on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427565/; classtype:trojan-activity;sid:81290665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/126on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427564/; classtype:trojan-activity;sid:81290664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/5on892it.exe"; depth:24; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427563/; classtype:trojan-activity;sid:81290663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/289on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427562/; classtype:trojan-activity;sid:81290662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/206on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427561/; classtype:trojan-activity;sid:81290661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/228on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427560/; classtype:trojan-activity;sid:81290660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/48on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427559/; classtype:trojan-activity;sid:81290659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/214on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427558/; classtype:trojan-activity;sid:81290658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/38on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427557/; classtype:trojan-activity;sid:81290657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/286on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427556/; classtype:trojan-activity;sid:81290656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/242on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427555/; classtype:trojan-activity;sid:81290655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/257on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427554/; classtype:trojan-activity;sid:81290654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/251on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427553/; classtype:trojan-activity;sid:81290653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/10on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427552/; classtype:trojan-activity;sid:81290652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/140on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427551/; classtype:trojan-activity;sid:81290651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/139on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427550/; classtype:trojan-activity;sid:81290650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/267on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427549/; classtype:trojan-activity;sid:81290649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/236on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427548/; classtype:trojan-activity;sid:81290648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/298on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427547/; classtype:trojan-activity;sid:81290647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/131on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427546/; classtype:trojan-activity;sid:81290646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/141on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427545/; classtype:trojan-activity;sid:81290645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/208on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427544/; classtype:trojan-activity;sid:81290644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/300on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427543/; classtype:trojan-activity;sid:81290643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/249on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427542/; classtype:trojan-activity;sid:81290642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/107on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427541/; classtype:trojan-activity;sid:81290641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/239on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427540/; classtype:trojan-activity;sid:81290640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/138on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427539/; classtype:trojan-activity;sid:81290639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/30on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427538/; classtype:trojan-activity;sid:81290638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/258on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427537/; classtype:trojan-activity;sid:81290637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/200on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427536/; classtype:trojan-activity;sid:81290636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/288on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427535/; classtype:trojan-activity;sid:81290635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/92on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427534/; classtype:trojan-activity;sid:81290634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/148on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427533/; classtype:trojan-activity;sid:81290633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/123on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427532/; classtype:trojan-activity;sid:81290632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/282on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427531/; classtype:trojan-activity;sid:81290631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/151on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427530/; classtype:trojan-activity;sid:81290630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/264on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427529/; classtype:trojan-activity;sid:81290629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/122on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427528/; classtype:trojan-activity;sid:81290628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/277on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427527/; classtype:trojan-activity;sid:81290627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/188on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427526/; classtype:trojan-activity;sid:81290626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/150on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427525/; classtype:trojan-activity;sid:81290625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/129on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427524/; classtype:trojan-activity;sid:81290624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/31on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427523/; classtype:trojan-activity;sid:81290623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/194on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427522/; classtype:trojan-activity;sid:81290622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/112on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427521/; classtype:trojan-activity;sid:81290621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/204on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427520/; classtype:trojan-activity;sid:81290620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/110on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427519/; classtype:trojan-activity;sid:81290619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/252on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427518/; classtype:trojan-activity;sid:81290618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/291on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427517/; classtype:trojan-activity;sid:81290617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/295on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427516/; classtype:trojan-activity;sid:81290616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/40on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427515/; classtype:trojan-activity;sid:81290615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/287on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427514/; classtype:trojan-activity;sid:81290614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/171on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427513/; classtype:trojan-activity;sid:81290613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/168on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427512/; classtype:trojan-activity;sid:81290612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/262on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427511/; classtype:trojan-activity;sid:81290611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/127on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427510/; classtype:trojan-activity;sid:81290610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/120on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427509/; classtype:trojan-activity;sid:81290609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/17on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427508/; classtype:trojan-activity;sid:81290608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/35on892it.exe"; depth:25; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427507/; classtype:trojan-activity;sid:81290607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromestre/231on892it.exe"; depth:26; endswith; http.host; content:"andicomedicalsuppliers.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427506/; classtype:trojan-activity;sid:81290606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/documentation/k3696948790282385274ly3qd5948h/"; depth:58; endswith; http.host; content:"yoyoteacher.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427505/; classtype:trojan-activity;sid:81290605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/oct/6zl0tix9p5vw/"; depth:27; endswith; http.host; content:"rekabangunselaras.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427504/; classtype:trojan-activity;sid:81290604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/personal_resource/09838294438_mbomswezhhak_5009y0r_zuv1lmxioln4epf/0909749832_gml2uvdawnrtu/"; depth:101; endswith; http.host; content:"cddvd.kz"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427503/; classtype:trojan-activity;sid:81290603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ld/swift/kj0rf3v/"; depth:18; endswith; http.host; content:"solarisenergy.biz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427502/; classtype:trojan-activity;sid:81290602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plesk-stat/auai_ow6_n1w7n7/"; depth:28; endswith; http.host; content:"nsb.org.uk"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427501/; classtype:trojan-activity;sid:81290601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web-2014-josh/docs/"; depth:20; endswith; http.host; content:"springscapes.ca"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427500/; classtype:trojan-activity;sid:81290600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/84930357817111/"; depth:19; endswith; http.host; content:"getproven.club"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427499/; classtype:trojan-activity;sid:81290599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/9wu_sjp_rvn/"; depth:17; endswith; http.host; content:"microcommindia.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427498/; classtype:trojan-activity;sid:81290598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/llc/tr53i8vrsd9/"; depth:25; endswith; http.host; content:"adopteememo.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427497/; classtype:trojan-activity;sid:81290597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etnhp/lm/"; depth:10; endswith; http.host; content:"dirosety.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427496/; classtype:trojan-activity;sid:81290596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cwpze/lm/"; depth:10; endswith; http.host; content:"pusatunggulan.poltekkesbandung.com"; depth:34; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427495/; classtype:trojan-activity;sid:81290595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/ihxkyzav22h/kj78949652614922xyjdem8yiucg7so/"; depth:56; endswith; http.host; content:"remt-standart.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427494/; classtype:trojan-activity;sid:81290594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; http.host; content:"46.101.198.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427493/; classtype:trojan-activity;sid:81290593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; http.host; content:"46.101.198.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427492/; classtype:trojan-activity;sid:81290592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; http.host; content:"46.101.198.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427491/; classtype:trojan-activity;sid:81290591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; http.host; content:"46.101.198.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427490/; classtype:trojan-activity;sid:81290590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; http.host; content:"46.101.198.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427489/; classtype:trojan-activity;sid:81290589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; http.host; content:"46.101.198.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427488/; classtype:trojan-activity;sid:81290588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-snapshots/0b2690491643414noged5gc59ey1axk/"; depth:46; endswith; http.host; content:"alyajhdamir.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427487/; classtype:trojan-activity;sid:81290587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/datacollectionservice.php3"; depth:27; endswith; http.host; content:"chs.zarifbarbari.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427486/; classtype:trojan-activity;sid:81290586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/datacollectionservice.php3"; depth:27; endswith; http.host; content:"asn.crs.com.pa"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427485/; classtype:trojan-activity;sid:81290585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/datacollectionservice.php3"; depth:27; endswith; http.host; content:"backup.justthebooks.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427484/; classtype:trojan-activity;sid:81290584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/sites/phz7uw1l64/bjma293140323sbjtr9ztw1b1u/"; depth:56; endswith; http.host; content:"septicst.ru"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427483/; classtype:trojan-activity;sid:81290583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/balance/"; depth:18; endswith; http.host; content:"klikweb.me"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427482/; classtype:trojan-activity;sid:81290582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/yavvc7889124575jjnl3sr3bxj7vdte0bg/"; depth:47; endswith; http.host; content:"patriot.duna.it4u.ua"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427481/; classtype:trojan-activity;sid:81290581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vayvon5s.com/bul0gxm408039/"; depth:28; endswith; http.host; content:"vayvontinchap5s.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427480/; classtype:trojan-activity;sid:81290580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sites/xvwcdk/"; depth:14; endswith; http.host; content:"lifehub.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427479/; classtype:trojan-activity;sid:81290579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/molt/qpctq11/"; depth:14; endswith; http.host; content:"toyoo.shop"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427478/; classtype:trojan-activity;sid:81290578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfatp/pvmxom3um4083645/"; depth:24; endswith; http.host; content:"bidaphucphat.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427477/; classtype:trojan-activity;sid:81290577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/dgfqfwaaqvi76138/"; depth:30; endswith; http.host; content:"crathior.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427476/; classtype:trojan-activity;sid:81290576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ustgo/public/mwnn7tk900807jpu724dh2yaey6tc/"; depth:44; endswith; http.host; content:"taxforum.duna.it4u.ua"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427475/; classtype:trojan-activity;sid:81290575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/lm/enzcez/"; depth:20; endswith; http.host; content:"wise-rentals.co.uk"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427474/; classtype:trojan-activity;sid:81290574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sms/pay/oct/"; depth:13; endswith; http.host; content:"swat.lt"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427473/; classtype:trojan-activity;sid:81290573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/etrac/p0t56406739r4dsv3lhuhe6e43y4vr5/"; depth:50; endswith; http.host; content:"homful.info"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427472/; classtype:trojan-activity;sid:81290572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/0fxj68529115808192qfp0ahqezem8edfcy/"; depth:53; endswith; http.host; content:"bilandevie.fr"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427471/; classtype:trojan-activity;sid:81290571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.81.237.96"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427470/; classtype:trojan-activity;sid:81290570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.67.89.40"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427469/; classtype:trojan-activity;sid:81290569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"175.10.48.8"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427468/; classtype:trojan-activity;sid:81290568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"162.212.114.18"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427467/; classtype:trojan-activity;sid:81290567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.233.73.203"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427466/; classtype:trojan-activity;sid:81290566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.191.207"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427465/; classtype:trojan-activity;sid:81290565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.123.62.57"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427464/; classtype:trojan-activity;sid:81290564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.22.105"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427463/; classtype:trojan-activity;sid:81290563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"110.18.194.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427462/; classtype:trojan-activity;sid:81290562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.145.119"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427461/; classtype:trojan-activity;sid:81290561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.30.123"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427460/; classtype:trojan-activity;sid:81290560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.239.11.69"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427459/; classtype:trojan-activity;sid:81290559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.226.239.69"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427458/; classtype:trojan-activity;sid:81290558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/etrac/r579467040790i5ubdkgnzq8a9sa9/"; depth:49; endswith; http.host; content:"880185.cn"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427457/; classtype:trojan-activity;sid:81290557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/docs/vuug7692ym0/"; depth:30; endswith; http.host; content:"sodalite.life"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427456/; classtype:trojan-activity;sid:81290556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecmh/cqzon2m7sho/56ms7jzxb/ubaan45485696croz3yqpyk83w7d/"; depth:57; endswith; http.host; content:"aldo7.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427455/; classtype:trojan-activity;sid:81290555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webstruct/reporting/d9jwefs91t6b/"; depth:34; endswith; http.host; content:"mockienan.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427454/; classtype:trojan-activity;sid:81290554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/swift/y2h1nrqqh9/"; depth:29; endswith; http.host; content:"moraniz.co.il"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427453/; classtype:trojan-activity;sid:81290553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sys-cache/289164006926666/pxdvebv/971314999103938685ay59zje0yr9vnbqy97/"; depth:72; endswith; http.host; content:"temulapak.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427452/; classtype:trojan-activity;sid:81290552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmsjdr/documentation/dln24u/"; depth:29; endswith; http.host; content:"adenorsimoes.com.br"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427451/; classtype:trojan-activity;sid:81290551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgmngz/balance/va0nszk0hu/naho1ye284157o8yyi8ptjy8wg9xqj/"; depth:58; endswith; http.host; content:"andelsky-dotek.cz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427450/; classtype:trojan-activity;sid:81290550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/km5787394599964577y25p6ryhdyutvcpc/"; depth:47; endswith; http.host; content:"scsanwei.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427449/; classtype:trojan-activity;sid:81290549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/rm3lci0p8/"; depth:22; endswith; http.host; content:"spinit.mx"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427448/; classtype:trojan-activity;sid:81290548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/attachments/lvos4wo2pvg/72075832920g1gtpfx82c1f/"; depth:61; endswith; http.host; content:"pawisselshow.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427447/; classtype:trojan-activity;sid:81290547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setupconfigo/lm/"; depth:17; endswith; http.host; content:"onefacilitysolutions.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427446/; classtype:trojan-activity;sid:81290546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/jnjqw0/"; depth:19; endswith; http.host; content:"itys.tk"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427445/; classtype:trojan-activity;sid:81290545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gttu/invoice/ujn3me8cye/"; depth:25; endswith; http.host; content:"dweixin.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427444/; classtype:trojan-activity;sid:81290544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/oct/02uh808220013508wrz3hj237efhgwt3smhc/"; depth:54; endswith; http.host; content:"biotior.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427443/; classtype:trojan-activity;sid:81290543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cli/document/kmyshbn0/"; depth:23; endswith; http.host; content:"asholbazar.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427442/; classtype:trojan-activity;sid:81290542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/attachments/pyhapkdt/"; depth:34; endswith; http.host; content:"aruntic.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427441/; classtype:trojan-activity;sid:81290541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/components/sites/"; depth:18; endswith; http.host; content:"temp2.poweredbycascadia.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427440/; classtype:trojan-activity;sid:81290540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/invoice/sm8vq622988qw7u2feowiq2/"; depth:45; endswith; http.host; content:"coolbion.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427439/; classtype:trojan-activity;sid:81290539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0ox0ox0oxdefault/z0r0.x86"; depth:27; endswith; http.host; content:"cnc.iotbotnet.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427438/; classtype:trojan-activity;sid:81290538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0ox0ox0oxdefault/z0r0.arm6"; depth:28; endswith; http.host; content:"cnc.iotbotnet.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427437/; classtype:trojan-activity;sid:81290537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0ox0ox0oxdefault/z0r0.arm5"; depth:28; endswith; http.host; content:"cnc.iotbotnet.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427436/; classtype:trojan-activity;sid:81290536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/reporting/"; depth:23; endswith; http.host; content:"coolior.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427435/; classtype:trojan-activity;sid:81290535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/esp/bol3rrxnuq/"; depth:19; endswith; http.host; content:"home.dawang.ink"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427434/; classtype:trojan-activity;sid:81290534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0ox0ox0oxdefault/z0r0.arm"; depth:27; endswith; http.host; content:"cnc.iotbotnet.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427433/; classtype:trojan-activity;sid:81290533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0ox0ox0oxdefault/z0r0.mpsl"; depth:28; endswith; http.host; content:"cnc.iotbotnet.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427432/; classtype:trojan-activity;sid:81290532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0ox0ox0oxdefault/z0r0.mips"; depth:28; endswith; http.host; content:"cnc.iotbotnet.xyz"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427431/; classtype:trojan-activity;sid:81290531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/content/uxrqlt4bcft6/"; depth:22; endswith; http.host; content:"toweixin.site"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427430/; classtype:trojan-activity;sid:81290530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scsbxjhhpu/balance/tms6thi074077r3oxt6kyzr0fcchbm/"; depth:51; endswith; http.host; content:"namechoz.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427429/; classtype:trojan-activity;sid:81290529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/inc/71d1344158532419tkxzb7y41ggfkpl/"; depth:48; endswith; http.host; content:"perugourmetsour.cl"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427428/; classtype:trojan-activity;sid:81290528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/documentation/dwqzappw1/b9680090150172wg5ws45t6pk1/"; depth:64; endswith; http.host; content:"shopeeinfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427427/; classtype:trojan-activity;sid:81290527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wjvwdsqqzp/sites/p980529620229uweod205hyzmilh/"; depth:47; endswith; http.host; content:"localnet.srv.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427426/; classtype:trojan-activity;sid:81290526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/reporting/"; depth:20; endswith; http.host; content:"npq.vn"; depth:6; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427425/; classtype:trojan-activity;sid:81290525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/29411025390470998/ib1fqjv657470419zykjvqbtcpglx8jc0y6pi/"; depth:68; endswith; http.host; content:"ballista.vn"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427424/; classtype:trojan-activity;sid:81290524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/84930357817111/"; depth:19; endswith; http.host; content:"getproven.club"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427423/; classtype:trojan-activity;sid:81290523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ktsro/sites/g4q7fbzl7g/"; depth:24; endswith; http.host; content:"anninhbamien.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427422/; classtype:trojan-activity;sid:81290522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8eel5yhwsg/doc/n75mtlktp/lbd1g1994447535143s1hc0jymt5wo1avls/"; depth:62; endswith; http.host; content:"lostbookofremedies.download"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427421/; classtype:trojan-activity;sid:81290521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/3kb3kny/"; depth:12; endswith; http.host; content:"anekasolusi.info"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427420/; classtype:trojan-activity;sid:81290520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/documentation/y2rln7x665694029238481zungymo072hzhes33h/"; depth:68; endswith; http.host; content:"dolphininsight.it"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427419/; classtype:trojan-activity;sid:81290519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.192.158.172"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427418/; classtype:trojan-activity;sid:81290518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.158.167"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427417/; classtype:trojan-activity;sid:81290517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.236.23.186"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427416/; classtype:trojan-activity;sid:81290516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.120.153.200"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427415/; classtype:trojan-activity;sid:81290515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"218.31.19.18"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427414/; classtype:trojan-activity;sid:81290514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.70.81.94"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427413/; classtype:trojan-activity;sid:81290513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apwxf/0m58837/"; depth:15; endswith; http.host; content:"hnqdyq.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427412/; classtype:trojan-activity;sid:81290512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/yb7615/"; depth:17; endswith; http.host; content:"xtchache.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427411/; classtype:trojan-activity;sid:81290511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/z0d0rsky/"; depth:19; endswith; http.host; content:"chessinslums.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427410/; classtype:trojan-activity;sid:81290510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/8za/"; depth:14; endswith; http.host; content:"healthphilic.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427409/; classtype:trojan-activity;sid:81290509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/9z9f08/"; depth:20; endswith; http.host; content:"superbirkin.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427408/; classtype:trojan-activity;sid:81290508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/medals/protected-module/close-portal/cpy-s9st33tu080/"; depth:54; endswith; http.host; content:"esnconsultants.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427407/; classtype:trojan-activity;sid:81290507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/available-array/open-profile/s6g6p0hjyrg-2y6tu58ws2xs21/"; depth:64; endswith; http.host; content:"kriskate.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427406/; classtype:trojan-activity;sid:81290506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/available-array/open-profile/s6g6p0hjyrg-2y6tu58ws2xs21/"; depth:64; endswith; http.host; content:"www.kriskate.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427405/; classtype:trojan-activity;sid:81290505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/english/multifunctional-module/test-cloud/xbtiofquqz-6v4xu/"; depth:60; endswith; http.host; content:"ekramco.ir"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427404/; classtype:trojan-activity;sid:81290504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cli/gevfff3b-na4wr-resource/individual-forum/bjir54i-533xw3/"; depth:61; endswith; http.host; content:"krausen.ee"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427403/; classtype:trojan-activity;sid:81290503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/certificates/protected-module/237q9v-3t9dtf4zrq-2925059-ewkyfjj/kjdv6pfyt-2ol1l5g610/"; depth:86; endswith; http.host; content:"wb0rur.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427402/; classtype:trojan-activity;sid:81290502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/docs/rpm5ekbzjtw/"; depth:27; endswith; http.host; content:"youqudeshi.com.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427401/; classtype:trojan-activity;sid:81290501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fortyfour7/attachments/)/"; depth:26; endswith; http.host; content:"compunetplus.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427400/; classtype:trojan-activity;sid:81290500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cache/auugrhti-tya5b-12002/"; depth:28; endswith; http.host; content:"janoshi.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427399/; classtype:trojan-activity;sid:81290499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stripe/0kfi3-utzcc-7874/"; depth:25; endswith; http.host; content:"scoenuganda.org"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427398/; classtype:trojan-activity;sid:81290498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/browse/89ug6812020767860091hg0omqo2pz0/"; depth:49; endswith; http.host; content:"nsds.hr"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427334/; classtype:trojan-activity;sid:81290434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/sites/"; depth:13; endswith; http.host; content:"anima-terapie.cz"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427327/; classtype:trojan-activity;sid:81290427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fortyfour7/attachments/"; depth:24; endswith; http.host; content:"compunetplus.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427326/; classtype:trojan-activity;sid:81290426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uglpw/"; depth:7; endswith; http.host; content:"itvinci.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427325/; classtype:trojan-activity;sid:81290425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/aw_zix2_e56hvkrp/"; depth:27; endswith; http.host; content:"askdadtoday.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427324/; classtype:trojan-activity;sid:81290424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/yi_h5_5h7498m3/"; depth:25; endswith; http.host; content:"bobgrahamjrphotography.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427323/; classtype:trojan-activity;sid:81290423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/i_64e6_prqa/"; depth:22; endswith; http.host; content:"innovatedcommunicationandconstruction.com"; depth:41; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427322/; classtype:trojan-activity;sid:81290422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/hp_zi36_ve0y/"; depth:23; endswith; http.host; content:"bobgrahamjr.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427321/; classtype:trojan-activity;sid:81290421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/cqm_e_k11bf4e/"; depth:24; endswith; http.host; content:"timrayconsult.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427320/; classtype:trojan-activity;sid:81290420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5cc6/ogo10p7h/"; depth:16; endswith; http.host; content:"newstoday.life"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427319/; classtype:trojan-activity;sid:81290419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avzlq/balance/"; depth:15; endswith; http.host; content:"jahadi.mubabol.ac.ir"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427318/; classtype:trojan-activity;sid:81290418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/lzqdxvmub5dcym/4ksr7uud8uw1/"; depth:38; endswith; http.host; content:"vneco.net"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427317/; classtype:trojan-activity;sid:81290417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloader/public/"; depth:19; endswith; http.host; content:"scootervenlo.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427316/; classtype:trojan-activity;sid:81290416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sliders/docs/lefa2wo59ph/1ce670027371000359465tcuomh0igl859jlm/"; depth:64; endswith; http.host; content:"cushionsandumbrellas.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427315/; classtype:trojan-activity;sid:81290415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/racing/esp/"; depth:12; endswith; http.host; content:"jwiltshire.org.uk"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427314/; classtype:trojan-activity;sid:81290414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/13j302yjo730/bz2j702716599132edwe8wwambc05trx1klf/"; depth:55; endswith; http.host; content:"rhinoplas.co.id"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427313/; classtype:trojan-activity;sid:81290413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/spdij5/"; depth:22; endswith; http.host; content:"welcomehouse.ca"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427312/; classtype:trojan-activity;sid:81290412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/spdij5/"; depth:22; endswith; http.host; content:"www.welcomehouse.ca"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427311/; classtype:trojan-activity;sid:81290411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/spdij5/>/"; depth:24; endswith; http.host; content:"welcomehouse.ca"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427310/; classtype:trojan-activity;sid:81290410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/font/sites/s8ouwoc/"; depth:39; endswith; http.host; content:"anythingghost.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427309/; classtype:trojan-activity;sid:81290409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/file/rdmf42eax/"; depth:25; endswith; http.host; content:"ypyy123.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427308/; classtype:trojan-activity;sid:81290408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rfudo/sites/"; depth:13; endswith; http.host; content:"doukart.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427307/; classtype:trojan-activity;sid:81290407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klabmoz/6465292473/"; depth:20; endswith; http.host; content:"oficinadinheiro.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427306/; classtype:trojan-activity;sid:81290406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/colindepaula/wcydeag/"; depth:22; endswith; http.host; content:"mormedia.biz"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427305/; classtype:trojan-activity;sid:81290405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web-2014-josh/docs/"; depth:20; endswith; http.host; content:"www.springscapes.ca"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427304/; classtype:trojan-activity;sid:81290404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/public/uj9q7r3w7fi/htrid421194511197971if4ue9znwur9zqjfy/"; depth:61; endswith; http.host; content:"metropolitanelites.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427303/; classtype:trojan-activity;sid:81290403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/user/closed_zone/interior_cloud/h3i0bcl8jni2_949w914u6498/"; depth:68; endswith; http.host; content:"jmedia.co.id"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427302/; classtype:trojan-activity;sid:81290402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novoassecon/lm/jszh1lb8/"; depth:25; endswith; http.host; content:"assecon.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427301/; classtype:trojan-activity;sid:81290401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old/protected-resource/close-profile/xjsetpe9dxq1-yllohjf0j/"; depth:61; endswith; http.host; content:"yeichner.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427300/; classtype:trojan-activity;sid:81290400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occup/foymksa8iuy/uyc27174682618858tucv1ehr2dyp/"; depth:49; endswith; http.host; content:"astronica.org"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427299/; classtype:trojan-activity;sid:81290399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/private-sector/individual-profile/i8dnwu3d3u05olp-ws90su4/"; depth:68; endswith; http.host; content:"armadalecfc.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427298/; classtype:trojan-activity;sid:81290398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diapercakes/8n5w94lgmf8g_dkwlet_disk/test_51359367_hxzcseqnk/dworvgm4toh_hdnonzjhdfrjj8/"; depth:89; endswith; http.host; content:"badabadabingo.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427297/; classtype:trojan-activity;sid:81290397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/www.brownshotelgroup.com.pt/mogc/"; depth:34; endswith; http.host; content:"brownshotelgroup.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427296/; classtype:trojan-activity;sid:81290396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwvv2/d4d9tvse_vc0hf7v0_3493297447348_aypycui/additional_warehouse/zykfjwyl_nwj76m8c1/"; depth:87; endswith; http.host; content:"bcpcircle.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427295/; classtype:trojan-activity;sid:81290395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rodselectrical.net.au/open_7tl0mvuv3_8cga0qie3frs/interior_portal/63499337556260_9hr7skvfhvscwz/"; depth:97; endswith; http.host; content:"bluespaceit.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427294/; classtype:trojan-activity;sid:81290394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspnet_client/etrac/"; depth:21; endswith; http.host; content:"bigblue.com.tr"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427293/; classtype:trojan-activity;sid:81290393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/closed_disk/special_space/9052530_rmfxgomqg7xssw/"; depth:61; endswith; http.host; content:"breedenandsilver.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427292/; classtype:trojan-activity;sid:81290392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xhtmlcss/780588/"; depth:17; endswith; http.host; content:"biomayest.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427291/; classtype:trojan-activity;sid:81290391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sitevelho/28cha-syw-45116/"; depth:27; endswith; http.host; content:"caixasacusticasparizotto.com.br"; depth:31; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427290/; classtype:trojan-activity;sid:81290390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wedoweb.biz/common-zone/214210168-x44pbrg6znam6l-warehouse/ypz2x3mwz091un-wv944wsw051xy/"; depth:89; endswith; http.host; content:"brightonrooms.co.uk"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427289/; classtype:trojan-activity;sid:81290389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azam/wtosv81nond/"; depth:18; endswith; http.host; content:"bitbenderz.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427288/; classtype:trojan-activity;sid:81290388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/oct/pwr755616595457158odap5psb/"; depth:39; endswith; http.host; content:"bodenstein.co.za"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427287/; classtype:trojan-activity;sid:81290387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cache/4796464711-w34gmpvg-aaw2cps-djxjfhyl6rb5/individual-space/31626648-dvlhjgmo/"; depth:83; endswith; http.host; content:"brightmega.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427286/; classtype:trojan-activity;sid:81290386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/jbquujq/"; depth:18; endswith; http.host; content:"campanus.cz"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427285/; classtype:trojan-activity;sid:81290385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icon/open_resource/security_33517968214_yqyepo/oe0nsobq49_u6823xs80895/"; depth:72; endswith; http.host; content:"byrdits.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427284/; classtype:trojan-activity;sid:81290384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/livros/sznmrqpuf1_nausx38myvqc_box/6yovcsey6048o_m8ybbupqr08_area/6129126905906_pgspekgei0zc/"; depth:94; endswith; http.host; content:"cacildavelasco.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427283/; classtype:trojan-activity;sid:81290383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo/document/"; depth:16; endswith; http.host; content:"bryanbuchan.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427282/; classtype:trojan-activity;sid:81290382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sgq/oaixdtl/"; depth:13; endswith; http.host; content:"capitaladm.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427281/; classtype:trojan-activity;sid:81290381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/reporting/idvwr24o4sk/"; depth:30; endswith; http.host; content:"cabelectrical.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427280/; classtype:trojan-activity;sid:81290380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/common-j97d3tqhy5d-jzsry9p5qjcvfy/guarded-warehouse/9868099630188-hqpxuypo/"; depth:76; endswith; http.host; content:"camminachetipassa.it"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427279/; classtype:trojan-activity;sid:81290379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sites/private-sector/verifiable-forum/9615755-yvbfz9bgqx/"; depth:58; endswith; http.host; content:"camponovo.it"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427278/; classtype:trojan-activity;sid:81290378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sites/pages/invoice/ozypbu18/"; depth:30; endswith; http.host; content:"www.campdevanol.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427277/; classtype:trojan-activity;sid:81290377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webrep.ca/fouawocfs_xb55ddx_sector/8a85_4dbt1734pvfhgms_forum/fbxe3m6kwi6fh2_5wt2x/"; depth:84; endswith; http.host; content:"carlosmartins.ca"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427276/; classtype:trojan-activity;sid:81290376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/overview/gnvtj5b/"; depth:30; endswith; http.host; content:"cankofte.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427275/; classtype:trojan-activity;sid:81290375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/turismo/jrepilbqm/"; depth:19; endswith; http.host; content:"cearacultural.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427274/; classtype:trojan-activity;sid:81290374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bavi/paclm/"; depth:12; endswith; http.host; content:"cali.de"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427273/; classtype:trojan-activity;sid:81290373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgftp/7caivw0-i3p-546467/"; depth:26; endswith; http.host; content:"www.choweng.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427272/; classtype:trojan-activity;sid:81290372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/document/eh6c2paiqpzx/log74135461440030660hw181iuna8z3oxajbjd/"; depth:71; endswith; http.host; content:"ceelen.nl"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427271/; classtype:trojan-activity;sid:81290371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/videochat/sounds/wxtundt_bk4bfgo_section/corporate_forum/96628319201_6gidkdotepfg/"; depth:83; endswith; http.host; content:"chahooa.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427270/; classtype:trojan-activity;sid:81290370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/owncloud/lm/"; depth:13; endswith; http.host; content:"centreforitexcellence.com.au"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427269/; classtype:trojan-activity;sid:81290369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/studio/personal_disk/open_profile/jjy1x0wm_jb2niv2l2qjqim/"; depth:59; endswith; http.host; content:"chmiola.net"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427268/; classtype:trojan-activity;sid:81290368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blog/sites/"; depth:12; endswith; http.host; content:"cequel.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427267/; classtype:trojan-activity;sid:81290367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/php/1fayolru-vahmfnzdzwsw9k-resource/195087-qutpzm-profile/blfo9vv-sh50qm4ihiglo/"; depth:82; endswith; http.host; content:"chrishalaska.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427266/; classtype:trojan-activity;sid:81290366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subsets/llc/"; depth:13; endswith; http.host; content:"cghmedia.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427265/; classtype:trojan-activity;sid:81290365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solutions/ym/"; depth:14; endswith; http.host; content:"ewingconsulting.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427264/; classtype:trojan-activity;sid:81290364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/available-array/kairp27qbzm-cil1lff4q-dlf2z-gyv55yx5ujsya/80691227642-djbq8qrrpt/"; depth:91; endswith; http.host; content:"pfuse.net"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427263/; classtype:trojan-activity;sid:81290363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video/kxhezd6a0/"; depth:17; endswith; http.host; content:"chrisrambo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427262/; classtype:trojan-activity;sid:81290362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/overview/plqy/"; depth:15; endswith; http.host; content:"ingelse.net"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427261/; classtype:trojan-activity;sid:81290361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/scan/cugopvqy9/j505390001420jznjuwaexp58lxgk/"; depth:54; endswith; http.host; content:"hamiltonslive.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427260/; classtype:trojan-activity;sid:81290360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a_359_l/private-m2540mjrmi-0pdjn9v30hzt/test-eckvho-glcyu5fcmxz/0cghtsgwjp-28wwt157vw3y2/"; depth:90; endswith; http.host; content:"taltus.co.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427259/; classtype:trojan-activity;sid:81290359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"124.67.89.50"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427258/; classtype:trojan-activity;sid:81290358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.73.210"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427257/; classtype:trojan-activity;sid:81290357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.229.223.204"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427256/; classtype:trojan-activity;sid:81290356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.152.195"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427255/; classtype:trojan-activity;sid:81290355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/private-array/31u9-8aws1f1i4v2-8371604-bwf6oyofw1q/c6q5oxi-knkri5ipjj/"; depth:82; endswith; http.host; content:"spitzertech.net"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427254/; classtype:trojan-activity;sid:81290354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwvv2/o3ywu_j2eqgzhzv78yzw_resource/cwwn9kk_iiqeqbpju_mk9gi_znlfdkmalnp9o/270016892_xlsb2zmosll22a/"; depth:100; endswith; http.host; content:"timtuinen.nl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427253/; classtype:trojan-activity;sid:81290353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rw_common/wlwymw2am5n/"; depth:23; endswith; http.host; content:"simulations.org"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427252/; classtype:trojan-activity;sid:81290352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/documentation/ewikf6pl739/8hn643219264336511211qi8e4jmhds261/"; depth:70; endswith; http.host; content:"leavell-photography.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427251/; classtype:trojan-activity;sid:81290351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/kacj/"; depth:17; endswith; http.host; content:"www.popfizzion.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427250/; classtype:trojan-activity;sid:81290350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old/qzbcekop/"; depth:14; endswith; http.host; content:"nuwagi.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427249/; classtype:trojan-activity;sid:81290349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/wnrfrxwz/"; depth:22; endswith; http.host; content:"nypthealing.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427248/; classtype:trojan-activity;sid:81290348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/d1q66rszmw123555/"; depth:25; endswith; http.host; content:"www.lgpass.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427247/; classtype:trojan-activity;sid:81290347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/breezes/wwlew3341719/"; depth:22; endswith; http.host; content:"paulancheta.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427246/; classtype:trojan-activity;sid:81290346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/open_zone/lj9mgrwym_se5cpjkmdhi_space/osnwsppo_3tz5304507/"; depth:64; endswith; http.host; content:"synapseyes.de"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427245/; classtype:trojan-activity;sid:81290345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la/paclm/btzoe9ujacz/fsx0q5t5115910191xppv50mr1ki1hhxy/"; depth:56; endswith; http.host; content:"steverenton.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427244/; classtype:trojan-activity;sid:81290344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/html/oykcnrxpl/"; depth:16; endswith; http.host; content:"ferienwohnung-malcesine.de"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427243/; classtype:trojan-activity;sid:81290343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/eai-a7p-363/"; depth:21; endswith; http.host; content:"tigaeurope.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427242/; classtype:trojan-activity;sid:81290342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/available-sector/97941140-rykxpw-warehouse/9727376042263-rfnngmimqowm/"; depth:83; endswith; http.host; content:"theebeautyspot.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427241/; classtype:trojan-activity;sid:81290341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drupal/inc/aozbmmiwz/"; depth:22; endswith; http.host; content:"www.svkn.at"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427240/; classtype:trojan-activity;sid:81290340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/275021024-hcvr47zmsjx-25545-n7dryobfxwp/open-portal/cy58zxwjkif6-317gxuhl0q/"; depth:85; endswith; http.host; content:"tecnofrota.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427239/; classtype:trojan-activity;sid:81290339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwwdownloadinvoice/scan/yqoanl259912857670ktpwpaqyv7upt/"; depth:57; endswith; http.host; content:"techhampton.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427238/; classtype:trojan-activity;sid:81290338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kpce/"; depth:15; endswith; http.host; content:"cnwanlian.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427237/; classtype:trojan-activity;sid:81290337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/themes/itij5_evqrea359tjmlhgk_disk/verifiable_area/407620068293_k7trr9/"; depth:72; endswith; http.host; content:"amyemitchell.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427236/; classtype:trojan-activity;sid:81290336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oop/file/3vkhb5bj0/ju9314897845050829pytr8azcuae8b/"; depth:52; endswith; http.host; content:"tomjoosten.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427235/; classtype:trojan-activity;sid:81290335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emakbelajarmasak.com/multifunctional_of3_h6nhwhq1qvlkp22/individual_cloud/tgtkzu3jcp2_2gmrr1u0/"; depth:96; endswith; http.host; content:"ariefsetiawan.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427234/; classtype:trojan-activity;sid:81290334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lm/ltm3j9c/"; depth:20; endswith; http.host; content:"cleanbydesignllc.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427233/; classtype:trojan-activity;sid:81290333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/book/open_c6qelc59mcwmhsgl_s1llg6doa5f0/open_c0q_v216htg0xhr2w5/652vqpagek4u_4ws800x15s/"; depth:89; endswith; http.host; content:"comerford.org.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427232/; classtype:trojan-activity;sid:81290332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wigygduz/8888888.png"; depth:21; endswith; http.host; content:"pmcskh.vivi.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427231/; classtype:trojan-activity;sid:81290331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cerrado/invoice/6h3m8489244492613yjkxsjsoaeuy9wizk/"; depth:52; endswith; http.host; content:"ammonhair.nl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427230/; classtype:trojan-activity;sid:81290330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agencia/ctnjnsnhz/"; depth:19; endswith; http.host; content:"comunicacaovertical.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427229/; classtype:trojan-activity;sid:81290329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/picture_library/lh/"; depth:20; endswith; http.host; content:"www.ranking-site.de"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427228/; classtype:trojan-activity;sid:81290328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iictohkr/8888888.png"; depth:21; endswith; http.host; content:"idealcuisine.com.tn"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427227/; classtype:trojan-activity;sid:81290327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/open_resource/verified_5323947671_yx88qsi3u/v33pz0vz1_xxgj8i9w/"; depth:73; endswith; http.host; content:"wp.oyster-internet.co.uk"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427226/; classtype:trojan-activity;sid:81290326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/report/"; depth:16; endswith; http.host; content:"turkydesigns.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427225/; classtype:trojan-activity;sid:81290325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/rgscu/"; depth:11; endswith; http.host; content:"cartoon.oyuncuyuzbiz.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427224/; classtype:trojan-activity;sid:81290324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmktzamm/8888888.png"; depth:21; endswith; http.host; content:"whichworx.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427223/; classtype:trojan-activity;sid:81290323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e8ma/invoice/mygr2n/g7etl0554582ju45t83ww7hjvwpjk/"; depth:51; endswith; http.host; content:"www.montre-connectee-sport.com"; depth:30; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427222/; classtype:trojan-activity;sid:81290322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imbya/8888888.png"; depth:18; endswith; http.host; content:"tahanikhawaji.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427221/; classtype:trojan-activity;sid:81290321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vvjojuglef_06.iso"; depth:18; endswith; http.host; content:"142.11.212.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427220/; classtype:trojan-activity;sid:81290320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vupchqholm_06.iso"; depth:18; endswith; http.host; content:"142.11.212.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427219/; classtype:trojan-activity;sid:81290319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ewtxh/8888888.png"; depth:18; endswith; http.host; content:"www.hospitaisipiranga.com.br"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427218/; classtype:trojan-activity;sid:81290318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upvhbpikbn80.iso"; depth:17; endswith; http.host; content:"142.11.212.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427217/; classtype:trojan-activity;sid:81290317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/njhqfhuwmm90.iso"; depth:17; endswith; http.host; content:"142.11.212.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427216/; classtype:trojan-activity;sid:81290316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xlgkqwjt/8888888.png"; depth:21; endswith; http.host; content:"40chorr.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427215/; classtype:trojan-activity;sid:81290315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbxznjzguqudr.iso"; depth:18; endswith; http.host; content:"142.11.212.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427214/; classtype:trojan-activity;sid:81290314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bqpzzzybixxytgzldcb.iso"; depth:24; endswith; http.host; content:"142.11.212.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427213/; classtype:trojan-activity;sid:81290313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alecdroas_4545.iso"; depth:19; endswith; http.host; content:"142.11.212.211"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427212/; classtype:trojan-activity;sid:81290312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/multifunctional_026716895_ag7s5yr/close_profile/mlb8hgo4kg8d_806tx14/"; depth:82; endswith; http.host; content:"catswiz.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427211/; classtype:trojan-activity;sid:81290311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utrbdrackmo.iso"; depth:16; endswith; http.host; content:"142.11.213.42"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427210/; classtype:trojan-activity;sid:81290310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnkokysdggit.iso"; depth:17; endswith; http.host; content:"142.11.213.42"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427209/; classtype:trojan-activity;sid:81290309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aff.txt"; depth:8; endswith; http.host; content:"142.11.213.42"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427208/; classtype:trojan-activity;sid:81290308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g96s/1c2y5du/"; depth:14; endswith; http.host; content:"naachii.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427207/; classtype:trojan-activity;sid:81290307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tr/cl/e6knwdxt338ab5u82bpcsktwgvdbraptss_cm-vfh2t_okokaxfccqo44g66jedcbqz3shyfnljk52tmf9nle1fq3ycfxbildpjhrquqa0cjle_8gx5q0cbmw2f7wq2z44kxdawnrwrx6pgbe33q4xd27wysudfkirn-lzsgrksgtvpsa8w3tluliwk1bmv5gzrmd2yof6upnbcat6fqmvohmxtgr5y8b4pdplsi8hcdiune-eb-otffmcraadxeow7cl4ormjhtjoxngq/"; depth:282; endswith; http.host; content:"r.sb.jobsglobal.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427206/; classtype:trojan-activity;sid:81290306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/open_52882804939_fjyhk/special_308253844_r1ltuvtnpw/cgjzyiqfasc_ncx82eaem5i/"; depth:96; endswith; http.host; content:"meyragroup.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427205/; classtype:trojan-activity;sid:81290305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/994-wa0ur-6532/"; depth:27; endswith; http.host; content:"alirezajanghorban1991.ir"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427204/; classtype:trojan-activity;sid:81290304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/llc/xiopg2b/7276890871300146dvtk8bby7742az/"; depth:52; endswith; http.host; content:"workout-stores.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427203/; classtype:trojan-activity;sid:81290303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/o8n-097z-980/"; depth:22; endswith; http.host; content:"efetiva.net.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427202/; classtype:trojan-activity;sid:81290302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/yqn/"; depth:9; endswith; http.host; content:"csds.ca"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427201/; classtype:trojan-activity;sid:81290301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stronghold/6m-a6-87/"; depth:21; endswith; http.host; content:"www.darknova.eu"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427200/; classtype:trojan-activity;sid:81290300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/0f1uyaml-d4hkniimfbl-box/open-area/337250477496-wwwgn5/"; depth:64; endswith; http.host; content:"cuadros.pe"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427199/; classtype:trojan-activity;sid:81290299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ucexport=download|7c|26|7c|id=1dlkeuss1gss4mvjve8ktumut_znin6bi"; depth:64; endswith; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427198/; classtype:trojan-activity;sid:81290298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/d38wv79_ij5s9xrdlwap5np_disk/guarded_space/229200_mc2y2m2pbuye6/"; depth:76; endswith; http.host; content:"dockerydesign.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427197/; classtype:trojan-activity;sid:81290297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/extras/statement/fd15u1poo/lq66uol093694408pjiwyxb8xdtneqngogbov/"; depth:66; endswith; http.host; content:"dralcalde.es"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427196/; classtype:trojan-activity;sid:81290296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homegrownorlando.com/closed-section/additional-area/740331365-r4cxbyqtk/"; depth:73; endswith; http.host; content:"exilum.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427195/; classtype:trojan-activity;sid:81290295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/private/m0xci-c3jk0-878/"; depth:25; endswith; http.host; content:"ravenproductionsltd.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427194/; classtype:trojan-activity;sid:81290294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/public/gqdcv4iy/"; depth:24; endswith; http.host; content:"duck.org"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427193/; classtype:trojan-activity;sid:81290293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/docs/c3i8602qj0y2/3bn528528h6keib3kfgi8jo7/"; depth:52; endswith; http.host; content:"www.vladtrans.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427192/; classtype:trojan-activity;sid:81290292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/common-zone/v14yqjbyik8w-kle366mw4zjyv-4214065-vs0yaymozdh/439341-tzfj0fv86rwflnso/"; depth:91; endswith; http.host; content:"ourplace.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427191/; classtype:trojan-activity;sid:81290291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/doc/7vqqte/"; depth:20; endswith; http.host; content:"nitronet.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427190/; classtype:trojan-activity;sid:81290290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/private_module/test_cloud/z3gjv_w4zyu545ts846/"; depth:51; endswith; http.host; content:"jeffdahlke.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427189/; classtype:trojan-activity;sid:81290289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bayi/closed_owvudomarx6nv_g7692ym0udetw/open_profile/okvbaniybf8je_w0x34vsy/"; depth:77; endswith; http.host; content:"karerguvenlik.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427188/; classtype:trojan-activity;sid:81290288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/protected-section/verified-area/pkik2g-y74u7y7u692v89/"; depth:63; endswith; http.host; content:"rbrandguitars.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427187/; classtype:trojan-activity;sid:81290287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/press-this/multifunctional_disk/additional_area/y7u1jydiiqwp_yxz4z/"; depth:87; endswith; http.host; content:"goharm.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427186/; classtype:trojan-activity;sid:81290286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9s52_ou17husakvth9fs_resource/f17p8y3a79_fy3mdgo7tt_forum=/yow80_fen0mtlvvyuf/"; depth:79; endswith; http.host; content:"gzamora.es"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427185/; classtype:trojan-activity;sid:81290285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/1u4da-ysy-303765/"; depth:26; endswith; http.host; content:"badeggdesign.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427184/; classtype:trojan-activity;sid:81290284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faatads/protected-resource/external-cloud/bjm74kxe-0x0uxv1w74982/"; depth:66; endswith; http.host; content:"paralink.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427183/; classtype:trojan-activity;sid:81290283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/parts_service/tt49r06sbmjt/"; depth:31; endswith; http.host; content:"coulsongraphics.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427182/; classtype:trojan-activity;sid:81290282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y4mhnow9eisuh2dqfbarqyfec8fr9kvnfxk4vbip3dzmesyck4m_pcvbconwujmeozbkliat6czk-0akrvq3vte4ffbgxm2ga4zifnbm9olrst_mck2yidndgofczc_dbxbu18yufenw6tfip0xdbuqi-4cj-3wbhwixit3gftpqh54xokbdrrahbf1zrdbfmpy8tgbe_ce5asdnchnuri8vw/img_2300004.rardownload|7c|26|7c|psid=1"; depth:258; endswith; http.host; content:"lahhqa.dm.files.1drv.com"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427181/; classtype:trojan-activity;sid:81290281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadcid=f293cebb54e5ea71|7c|26|7c|resid=f293cebb54e5ea71%21293|7c|26|7c|authkey=aha74rsqiuewnpq"; depth:100; endswith; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427180/; classtype:trojan-activity;sid:81290280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrgreenclean/uqr55/"; depth:20; endswith; http.host; content:"www.ecosuds.ca"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427179/; classtype:trojan-activity;sid:81290279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/php/eetn00182/"; depth:15; endswith; http.host; content:"finnigans.org.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427178/; classtype:trojan-activity;sid:81290278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcm_rel_4_100_15_5_whql/7wuea168844/"; depth:37; endswith; http.host; content:"djunreal.co.uk"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427177/; classtype:trojan-activity;sid:81290277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nav/tephch0f/"; depth:14; endswith; http.host; content:"dragonfang.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427176/; classtype:trojan-activity;sid:81290276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/ufyh4g/"; depth:14; endswith; http.host; content:"dunkingbirdproductions.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427175/; classtype:trojan-activity;sid:81290275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hidden/5vdo230fvvd0yo_uvfc0pr_8832375_sloi02u1k102wpex/external_warehouse/87324860_oxamjydq/"; depth:93; endswith; http.host; content:"mcgrafica.it"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427174/; classtype:trojan-activity;sid:81290274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flags/awiwsu/"; depth:14; endswith; http.host; content:"www.cluster1.be"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427173/; classtype:trojan-activity;sid:81290273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mine/available_array/close_profile/smhq4iyh_sxsmykodbnbn/"; depth:58; endswith; http.host; content:"spindelaar.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427172/; classtype:trojan-activity;sid:81290272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lm/86til9yuy/vrogt895779878119pr7eribu26q9ge/"; depth:54; endswith; http.host; content:"optimus.com.sg"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427171/; classtype:trojan-activity;sid:81290271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/document/"; depth:15; endswith; http.host; content:"essand.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427170/; classtype:trojan-activity;sid:81290270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/j04zrx/"; depth:17; endswith; http.host; content:"ampos.com.ng"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427169/; classtype:trojan-activity;sid:81290269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1080/report///"; depth:15; endswith; http.host; content:"backroom.co.nz"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427168/; classtype:trojan-activity;sid:81290268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/invoice/"; depth:16; endswith; http.host; content:"grecoson.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427167/; classtype:trojan-activity;sid:81290267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editor/x_fr6_s15/"; depth:18; endswith; http.host; content:"novelideas.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427166/; classtype:trojan-activity;sid:81290266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/payment/ieqwmjke9/"; depth:27; endswith; http.host; content:"aeroasia-interior.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427165/; classtype:trojan-activity;sid:81290265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajd/mqvyeq2/"; depth:13; endswith; http.host; content:"gammatron.com.au"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427164/; classtype:trojan-activity;sid:81290264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/swift/bbsn3azyc/5vndf7768486665987380invrbf8mi5cw523go/"; depth:64; endswith; http.host; content:"vasinfo.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427163/; classtype:trojan-activity;sid:81290263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/fgn_al1_gav0/"; depth:18; endswith; http.host; content:"overcreative.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427162/; classtype:trojan-activity;sid:81290262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/bg/css/ymiu_ow_uiatk/"; depth:26; endswith; http.host; content:"mosdk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427161/; classtype:trojan-activity;sid:81290261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/akmt_4ns_bau/"; depth:22; endswith; http.host; content:"mikeflavell.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427160/; classtype:trojan-activity;sid:81290260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/9wu_sjp_rvn/"; depth:17; endswith; http.host; content:"www.microcommindia.com"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427159/; classtype:trojan-activity;sid:81290259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/3j_g08k2_6s/"; depth:24; endswith; http.host; content:"focalaudiodesign.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427158/; classtype:trojan-activity;sid:81290258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/document/"; depth:18; endswith; http.host; content:"ramirezllc.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427157/; classtype:trojan-activity;sid:81290257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"122.116.222.215"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427156/; classtype:trojan-activity;sid:81290256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/invoice/"; depth:20; endswith; http.host; content:"santyago.org"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427155/; classtype:trojan-activity;sid:81290255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agencia/ctnjnsnhz/"; depth:19; endswith; http.host; content:"comunicacaovertical.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427154/; classtype:trojan-activity;sid:81290254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/available-box/verifiable-warehouse/g6xbmdt-58951809z/"; depth:62; endswith; http.host; content:"xristiana.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427153/; classtype:trojan-activity;sid:81290253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/doc/"; depth:17; endswith; http.host; content:"zakahlife.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427152/; classtype:trojan-activity;sid:81290252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/open-sector/6038920-53yjxsdfezwoyom-space/t1jbz6n-2fv1hkg5d/"; depth:69; endswith; http.host; content:"zmgmedia.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427151/; classtype:trojan-activity;sid:81290251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krams/pn9o734-1gvmp-8169/"; depth:26; endswith; http.host; content:"constey.de"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427150/; classtype:trojan-activity;sid:81290250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/esp/g5x4n3/2u6ao6970181751060ihxigzpx823h1n/"; depth:54; endswith; http.host; content:"bodbderg.net"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427149/; classtype:trojan-activity;sid:81290249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/closed-box/security-13521292-dnvvly/339055-e8pjh9s386/"; depth:60; endswith; http.host; content:"cityplanter.co.uk"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427148/; classtype:trojan-activity;sid:81290248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.68.251.98"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427147/; classtype:trojan-activity;sid:81290247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"113.133.226.72"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427146/; classtype:trojan-activity;sid:81290246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.127.78.8"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427145/; classtype:trojan-activity;sid:81290245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.61.115"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427144/; classtype:trojan-activity;sid:81290244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.39.12.66"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427143/; classtype:trojan-activity;sid:81290243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/gcutuwcjt/"; depth:22; endswith; http.host; content:"cosentinoconsult.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427142/; classtype:trojan-activity;sid:81290242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calledtochange/sites/5m8ugqb5264391426440025pdb1vrv8t9l6/"; depth:58; endswith; http.host; content:"calledtochange.org"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427141/; classtype:trojan-activity;sid:81290241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmp/protected-cek9qz4zvk2n65e-c5d84gi5/security-cloud/kypqw-52kkq0n9ywj9oa/"; depth:76; endswith; http.host; content:"www.colfincas.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427140/; classtype:trojan-activity;sid:81290240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_testing/scan/"; depth:15; endswith; http.host; content:"clearcall.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427139/; classtype:trojan-activity;sid:81290239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/personal-section/additional-forum/eav-t614vus/"; depth:57; endswith; http.host; content:"criesagirl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427138/; classtype:trojan-activity;sid:81290238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdetsob/available_zone/close_profile/ywylc85pewym_2hi0d6k10gzgg/"; depth:65; endswith; http.host; content:"rtisistemas.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427137/; classtype:trojan-activity;sid:81290237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lab/znqsiqhp/"; depth:14; endswith; http.host; content:"taolodge.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427136/; classtype:trojan-activity;sid:81290236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; http.host; content:"dl.river-store.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427135/; classtype:trojan-activity;sid:81290235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cwp_fencing/stjzskp/"; depth:21; endswith; http.host; content:"cwpfencing.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427134/; classtype:trojan-activity;sid:81290234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ut/"; depth:12; endswith; http.host; content:"daoisthealing.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427133/; classtype:trojan-activity;sid:81290233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index_files/etrac/pj24z43675411482719hlncmns9w/"; depth:48; endswith; http.host; content:"www.cuestionspirits.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427132/; classtype:trojan-activity;sid:81290232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/himalaya/multifunctional-022925-6vqqfxwlppyasf2/verified-forum/vxyfuc1rtz-jm6ew13ad/"; depth:85; endswith; http.host; content:"www.cwa.mx"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427131/; classtype:trojan-activity;sid:81290231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sliders/docs/lefa2wo59ph/1ce670027371000359465tcuomh0igl859jlm/"; depth:64; endswith; http.host; content:"www.cushionsandumbrellas.com"; depth:28; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427130/; classtype:trojan-activity;sid:81290230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/etrac/nv49wss/"; depth:21; endswith; http.host; content:"dahouse.pl"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427129/; classtype:trojan-activity;sid:81290229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/7dk68wp-aq8rec4x0t-zone/corporate-space/jtqq4e4a-bpacypgl3/"; depth:71; endswith; http.host; content:"www.databeuro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427128/; classtype:trojan-activity;sid:81290228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ep217002wdeskz/balance/jlgtf37878924753373idxa31tl8w6o9/"; depth:57; endswith; http.host; content:"davidnemeth.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427127/; classtype:trojan-activity;sid:81290227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xvxcoxdgs/"; depth:11; endswith; http.host; content:"flexitravel.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427126/; classtype:trojan-activity;sid:81290226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phpmailer/documentation/"; depth:25; endswith; http.host; content:"www.dealio.com.au"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427125/; classtype:trojan-activity;sid:81290225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peradice.com/scan/e5ey8c6730176069644535751z5zcgconqrx/"; depth:56; endswith; http.host; content:"goldenstatetow.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427124/; classtype:trojan-activity;sid:81290224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/personal_array/guarded_area/997800661438_xhmy3u/"; depth:58; endswith; http.host; content:"demostenes.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427123/; classtype:trojan-activity;sid:81290223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/fspv-2e4-1235/"; depth:19; endswith; http.host; content:"tewoerd.eu"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427122/; classtype:trojan-activity;sid:81290222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/payment/"; depth:18; endswith; http.host; content:"deltat.us"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427121/; classtype:trojan-activity;sid:81290221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mails/browse/7qixp9/9zvqvws98390902ebh2jx0n2kl2ny/"; depth:51; endswith; http.host; content:"detorre.es"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427120/; classtype:trojan-activity;sid:81290220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuentes/w3-jcv6-0375/"; depth:22; endswith; http.host; content:"www.doblementa.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427119/; classtype:trojan-activity;sid:81290219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cursoculinariasaudavel/lm/"; depth:27; endswith; http.host; content:"dewide.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427118/; classtype:trojan-activity;sid:81290218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wakeproblems.com/6m3kd0/"; depth:25; endswith; http.host; content:"summitcrest.co"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427117/; classtype:trojan-activity;sid:81290217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twitterapi/xxkd-bct-521/"; depth:25; endswith; http.host; content:"grupoleferas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427116/; classtype:trojan-activity;sid:81290216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wakeproblems.com/parts_service/3h27177696887zycdnz5jd2jk9opt9kvg/"; depth:66; endswith; http.host; content:"summitcrest.co"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427115/; classtype:trojan-activity;sid:81290215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/security/esp/vqqsmv1lgm/70cpc740029395746lp6yzhhdxhybn8mh/"; depth:59; endswith; http.host; content:"bdub.net"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427114/; classtype:trojan-activity;sid:81290214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system/uaxrziq/"; depth:16; endswith; http.host; content:"brandsstudio.pk"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427113/; classtype:trojan-activity;sid:81290213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kurban/private-disk/9985558643-ulflbb2s2kve-warehouse/wki-yy7z89s04y/"; depth:70; endswith; http.host; content:"demonesia.net"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427112/; classtype:trojan-activity;sid:81290212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/english/templates/docs/oct/"; depth:28; endswith; http.host; content:"ekramco.ir"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427111/; classtype:trojan-activity;sid:81290211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2020/tygn_q1ywxsopfnp_zone/verifiable_profile/87587141569_gazh8t3mm36u/"; depth:72; endswith; http.host; content:"figueiraseguros.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427110/; classtype:trojan-activity;sid:81290210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/document/y74k77538855612912149dnagczu4ozjrxsl53e/"; depth:55; endswith; http.host; content:"flamesofrichmond.co.uk"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427109/; classtype:trojan-activity;sid:81290209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erros/private_0276053_qflkbh/test_6mtph_rktg3/642861349_vr4hpomhkd1fl7q/"; depth:73; endswith; http.host; content:"mrveggy.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427108/; classtype:trojan-activity;sid:81290208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/protected_mssj8z07dpxndv_53t18dcpzqum9jjf/test_area/akzf9tbr0ehrkef1_w42szw24/"; depth:86; endswith; http.host; content:"icacc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427107/; classtype:trojan-activity;sid:81290207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/nrbcof/"; depth:16; endswith; http.host; content:"vandermade.eu"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427106/; classtype:trojan-activity;sid:81290206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/paclm/"; depth:14; endswith; http.host; content:"iensenada.cl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427105/; classtype:trojan-activity;sid:81290205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/private_module/interior_forum/hmvwck4cv_rl5n7if0ij3mzf/"; depth:67; endswith; http.host; content:"riserproperty.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427104/; classtype:trojan-activity;sid:81290204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; http.host; content:"194.87.138.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427103/; classtype:trojan-activity;sid:81290203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427102/; classtype:trojan-activity;sid:81290202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erros/invoice/lzitio646lyp/k6618015337841238n2ggnydkke3njxk6/"; depth:62; endswith; http.host; content:"intere.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427101/; classtype:trojan-activity;sid:81290201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/open_disk/interior_warehouse/28334446609_nxcb9yc/"; depth:59; endswith; http.host; content:"suhailacademy.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427100/; classtype:trojan-activity;sid:81290200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/lm/4x67045keveo2d0sht/"; depth:31; endswith; http.host; content:"rhema.com.sg"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427099/; classtype:trojan-activity;sid:81290199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/closed_section/additional_area/e3w6ppwhi064_20t0wyyy7072/"; depth:69; endswith; http.host; content:"suinfotech.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427098/; classtype:trojan-activity;sid:81290198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resumen-uso-inodos/dbvojipct/"; depth:30; endswith; http.host; content:"www.handler.cl"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427097/; classtype:trojan-activity;sid:81290197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"61.241.171.170"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427096/; classtype:trojan-activity;sid:81290196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sites/t3obd8/idfd7291874020149xv22nwoogue/"; depth:55; endswith; http.host; content:"robotics.kinex11.info"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427095/; classtype:trojan-activity;sid:81290195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/personal-6co1vkak8yrubli-y0hq3mm75/open-portal/hw11d-z9vxsu/"; depth:72; endswith; http.host; content:"uniteddatabase.net"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427094/; classtype:trojan-activity;sid:81290194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/new.exe"; depth:12; endswith; http.host; content:"192.227.158.103"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427093/; classtype:trojan-activity;sid:81290193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/paclm/ny2gs3576241xkuntda8iqegquxpk/"; depth:45; endswith; http.host; content:"slbqms.co.ls"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427092/; classtype:trojan-activity;sid:81290192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/newlee.exe"; depth:15; endswith; http.host; content:"192.227.158.103"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427091/; classtype:trojan-activity;sid:81290191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/oct/"; depth:16; endswith; http.host; content:"tgmobile.es"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427090/; classtype:trojan-activity;sid:81290190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/83c-ooswa-84718/"; depth:21; endswith; http.host; content:"www.kosses.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427089/; classtype:trojan-activity;sid:81290189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/english/multifunctional-module/test-cloud/xbtiofquqz-6v4xu/"; depth:60; endswith; http.host; content:"www.ekramco.ir"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427088/; classtype:trojan-activity;sid:81290188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wine/lm/"; depth:9; endswith; http.host; content:"winepalace.ge"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427087/; classtype:trojan-activity;sid:81290187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"115.201.32.109"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427086/; classtype:trojan-activity;sid:81290186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cache/auugrhti-tya5b-12002/"; depth:28; endswith; http.host; content:"www.janoshi.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427085/; classtype:trojan-activity;sid:81290185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/13j302yjo730/bz2j702716599132edwe8wwambc05trx1klf/"; depth:55; endswith; http.host; content:"www.rhinoplas.co.id"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427084/; classtype:trojan-activity;sid:81290184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/b4pn-7x1l-499952/"; depth:30; endswith; http.host; content:"kultfitness.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427083/; classtype:trojan-activity;sid:81290183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/file/"; depth:12; endswith; http.host; content:"www.dotmarket.rs"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427082/; classtype:trojan-activity;sid:81290182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/open-resource/evd3hv7i-71bup2v4c-forum/usabtycio-9oli62mlpt05q/"; depth:68; endswith; http.host; content:"www.vpinversiones.cl"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427081/; classtype:trojan-activity;sid:81290181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"180.118.63.206"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427080/; classtype:trojan-activity;sid:81290180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/payment/"; depth:21; endswith; http.host; content:"www.saludenestambul.com"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427079/; classtype:trojan-activity;sid:81290179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.4.126"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427078/; classtype:trojan-activity;sid:81290178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"116.114.95.172"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427077/; classtype:trojan-activity;sid:81290177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.234.33.224"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427076/; classtype:trojan-activity;sid:81290176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.237.90"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427075/; classtype:trojan-activity;sid:81290175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.183.128"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427074/; classtype:trojan-activity;sid:81290174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.30.11"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427073/; classtype:trojan-activity;sid:81290173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.45.55"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427072/; classtype:trojan-activity;sid:81290172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.164.25.228"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427071/; classtype:trojan-activity;sid:81290171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"182.117.243.18"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427070/; classtype:trojan-activity;sid:81290170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.146.243.17"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427069/; classtype:trojan-activity;sid:81290169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"27.41.208.207"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427068/; classtype:trojan-activity;sid:81290168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.78.146"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427067/; classtype:trojan-activity;sid:81290167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5t34_ipz_2/opzbi0j_i5q76ooxa7b5q_sector/close_n6jk04h2_6vrqbmbc/gpxxofvo4rxz_dzmj95f4po/"; depth:89; endswith; http.host; content:"yeandle.co.uk"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427066/; classtype:trojan-activity;sid:81290166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blogs/cpiqkzre/"; depth:16; endswith; http.host; content:"kyleriffic.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427065/; classtype:trojan-activity;sid:81290165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"111.43.223.100"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427064/; classtype:trojan-activity;sid:81290164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloadcid=8e778d4a23c91a07|7c|26|7c|resid=8e778d4a23c91a07%21249|7c|26|7c|authkey=ahvfgfh84wy2pec"; depth:100; endswith; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427063/; classtype:trojan-activity;sid:81290163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"114.239.31.248"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427062/; classtype:trojan-activity;sid:81290162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"117.87.135.201"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427061/; classtype:trojan-activity;sid:81290161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.230.254.53"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427060/; classtype:trojan-activity;sid:81290160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/multifunctional-resource/special-warehouse/55837026010-ywdotb7r/"; depth:76; endswith; http.host; content:"www.duhallow.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427059/; classtype:trojan-activity;sid:81290159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts_index/846138489532/1vzrgq3x/"; depth:37; endswith; http.host; content:"djhavoc.net"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427058/; classtype:trojan-activity;sid:81290158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/5kxo-ji0lyre5fwb-trhbrglrvx-ga0cuqm/guarded-space/25796653563311-qnbseemw/"; depth:86; endswith; http.host; content:"ertiryaki.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427057/; classtype:trojan-activity;sid:81290157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/b9zbqj12852370cjh4pad3e6ghcdvbp/"; depth:44; endswith; http.host; content:"www.fizion.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427056/; classtype:trojan-activity;sid:81290156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/open-sector/346780231-4e4w12am-cloud/bznbba-n70lanmkjv4mv/"; depth:66; endswith; http.host; content:"fmcav.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427055/; classtype:trojan-activity;sid:81290155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fancybox/etrac/aih27slhj/"; depth:26; endswith; http.host; content:"pappattila.hu"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427054/; classtype:trojan-activity;sid:81290154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"173.161.208.193"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427053/; classtype:trojan-activity;sid:81290153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/available-disk/security-space/75m4qh-kfnrmgiginlh/"; depth:51; endswith; http.host; content:"sanhueza3.cl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427052/; classtype:trojan-activity;sid:81290152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diffhotel/file/918gth64/pwuua85590394870249mg6q81vuge/"; depth:55; endswith; http.host; content:"ehumanteam.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427051/; classtype:trojan-activity;sid:81290151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/var/tmp/xfers/available-array/guarded-space/2596882-fxqibi/"; depth:60; endswith; http.host; content:"michaelphilip.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427050/; classtype:trojan-activity;sid:81290150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/now/781787470248_tzrud5c7jv_5zk8b03mim_jn6oesn/special_uomhpkjy1z_zkf9lkka/hwkdj4gk5_3yjxnyxd4/"; depth:96; endswith; http.host; content:"webpresario.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427049/; classtype:trojan-activity;sid:81290149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/gcphtykgp/"; depth:15; endswith; http.host; content:"salserosbcn.es"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427048/; classtype:trojan-activity;sid:81290148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moving.page/xuyn10238/"; depth:23; endswith; http.host; content:"voyage.co.ua"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427047/; classtype:trojan-activity;sid:81290147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/iet46876/"; depth:18; endswith; http.host; content:"msograteful.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427046/; classtype:trojan-activity;sid:81290146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indianlake/ep/"; depth:15; endswith; http.host; content:"msmartyford.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427045/; classtype:trojan-activity;sid:81290145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/de0xyb/"; depth:16; endswith; http.host; content:"myofficeplus.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427044/; classtype:trojan-activity;sid:81290144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uplifting/invoice/"; depth:19; endswith; http.host; content:"monom.si"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427043/; classtype:trojan-activity;sid:81290143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/framelines/j0ly4hf/uv2100676158985568x04fb6b376bvfk9z/"; depth:55; endswith; http.host; content:"nickkind.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427042/; classtype:trojan-activity;sid:81290142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editor/x_fr6_s15/"; depth:18; endswith; http.host; content:"www.novelideas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427041/; classtype:trojan-activity;sid:81290141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plesk-stat/auai_ow6_n1w7n7/"; depth:28; endswith; http.host; content:"nsb.org.uk"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427040/; classtype:trojan-activity;sid:81290140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/3_69_x/"; depth:16; endswith; http.host; content:"norahkhi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427039/; classtype:trojan-activity;sid:81290139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verimages/2_hnrh_z6b/"; depth:22; endswith; http.host; content:"nationalboilermaking.com.au"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427038/; classtype:trojan-activity;sid:81290138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/news=year/8s9a4_rd_bgq/"; depth:24; endswith; http.host; content:"nightowlmusic.net"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427037/; classtype:trojan-activity;sid:81290137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/report/"; depth:17; endswith; http.host; content:"www.kecsfila.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427036/; classtype:trojan-activity;sid:81290136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.61.127"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427035/; classtype:trojan-activity;sid:81290135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/open_array/open_space/pdikn_jju58api98j/"; depth:41; endswith; http.host; content:"erzschlaeger.de"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427034/; classtype:trojan-activity;sid:81290134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/3088741776845/rl8cje/ofqn7h195134412352199551j9p6bdztw26vwd/"; depth:69; endswith; http.host; content:"onfejlesztovideok.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427033/; classtype:trojan-activity;sid:81290133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evelaer/swift/"; depth:15; endswith; http.host; content:"joswinter.nl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427032/; classtype:trojan-activity;sid:81290132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/pphxvhvn/"; depth:22; endswith; http.host; content:"nixolas.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427031/; classtype:trojan-activity;sid:81290131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uglpw/rjf52wilni59293/"; depth:23; endswith; http.host; content:"itvinci.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427030/; classtype:trojan-activity;sid:81290130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vivantphoto/urudy/"; depth:19; endswith; http.host; content:"ishbudesign.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427029/; classtype:trojan-activity;sid:81290129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wysiwygpro/k8c4j17/"; depth:20; endswith; http.host; content:"belectricinc.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427028/; classtype:trojan-activity;sid:81290128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/ovmk9r6degwws3328/"; depth:27; endswith; http.host; content:"chaoscopia.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427027/; classtype:trojan-activity;sid:81290127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/common-zone/05792071-ceva4p-forum/gnwy3uy-coilhmk1/"; depth:60; endswith; http.host; content:"lungsrus.org"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427026/; classtype:trojan-activity;sid:81290126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vse-massagepraxis.ch/overview/"; depth:31; endswith; http.host; content:"kae.ch"; depth:6; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427025/; classtype:trojan-activity;sid:81290125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/955uwhcpf1vw/30078651923af72rgzq5xfyj3r0w/"; depth:55; endswith; http.host; content:"tecnozam.cl"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427024/; classtype:trojan-activity;sid:81290124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/promocao/payment/i5sirnt4ii2/"; depth:30; endswith; http.host; content:"planartgrafica.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427023/; classtype:trojan-activity;sid:81290123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/portal-assets/available_resource/individual_warehouse/49l4ghvu1_99y89zu5w4t/"; depth:77; endswith; http.host; content:"www.propvid.tv"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427022/; classtype:trojan-activity;sid:81290122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/protected-section/verified-area/pkik2g-y74u7y7u692v89/"; depth:63; endswith; http.host; content:"www.rbrandguitars.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427021/; classtype:trojan-activity;sid:81290121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloader/public/"; depth:19; endswith; http.host; content:"www.scootervenlo.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427020/; classtype:trojan-activity;sid:81290120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/report/"; depth:16; endswith; http.host; content:"frederikhardeman.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427019/; classtype:trojan-activity;sid:81290119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/public/9znnwur9zqjf/"; depth:32; endswith; http.host; content:"www.fulltel.it"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427018/; classtype:trojan-activity;sid:81290118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test1/open_sector/oqbqafhi_dthxwepepb5i_space/r1ntpkemu8ty5rcc_9s7143yw95w1uy/"; depth:79; endswith; http.host; content:"www.geotechnic.co.uk"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427017/; classtype:trojan-activity;sid:81290117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/site/swift/"; depth:12; endswith; http.host; content:"galaenterprises.com.au"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427016/; classtype:trojan-activity;sid:81290116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/etrac/iwzdod5v068/"; depth:27; endswith; http.host; content:"geekyhillbilly.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427015/; classtype:trojan-activity;sid:81290115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/multifunctional-resource/open-warehouse/xdr-u1vzy4sx/"; depth:65; endswith; http.host; content:"www.lerasole.it"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427014/; classtype:trojan-activity;sid:81290114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m-i.p-s.ghoul"; depth:19; endswith; http.host; content:"192.3.194.169"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427013/; classtype:trojan-activity;sid:81290113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm"; depth:24; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427012/; classtype:trojan-activity;sid:81290112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.mpsl"; depth:25; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427011/; classtype:trojan-activity;sid:81290111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.sh4"; depth:24; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427010/; classtype:trojan-activity;sid:81290110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.x86"; depth:24; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427009/; classtype:trojan-activity;sid:81290109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.m68k"; depth:25; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427008/; classtype:trojan-activity;sid:81290108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm5"; depth:25; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427007/; classtype:trojan-activity;sid:81290107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm6"; depth:25; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427006/; classtype:trojan-activity;sid:81290106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.arm7"; depth:25; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427005/; classtype:trojan-activity;sid:81290105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.ppc"; depth:24; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427004/; classtype:trojan-activity;sid:81290104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beastmode/b3astmode.mips"; depth:25; endswith; http.host; content:"157.245.253.146"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427003/; classtype:trojan-activity;sid:81290103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/closed_array/corporate_qvt1wrail_wizvz4iwc2/mb2cyxzujux_et9l1ippzgs5/"; depth:76; endswith; http.host; content:"lindnerelektroanlagen.de"; depth:24; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427002/; classtype:trojan-activity;sid:81290102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/g_r_f/"; depth:15; endswith; http.host; content:"onefarmdesign.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427001/; classtype:trojan-activity;sid:81290101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/common_4718407379_zprircc/individual_741381927411_8rm0wncxkb/d0bwa_senm0mwlrigxt/"; depth:90; endswith; http.host; content:"givingthanksdaily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427000/; classtype:trojan-activity;sid:81290100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajd/mqvyeq2/"; depth:13; endswith; http.host; content:"www.gammatron.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426999/; classtype:trojan-activity;sid:81290099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/public/y024j4a/u9lzj93381166213eal53x4d8lfyt9/"; depth:59; endswith; http.host; content:"globaliaespacios.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426998/; classtype:trojan-activity;sid:81290098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ww4w/4408657824-brmsia8tm-module/special-vo4rjk-xx8cn/s4qmguv-qzrdrkn1eia/"; depth:75; endswith; http.host; content:"gooddogrescue.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426997/; classtype:trojan-activity;sid:81290097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meteo/yzr30f/p26396017105o0ze92pyipvm9vi6s2/"; depth:45; endswith; http.host; content:"www.gozowindmill.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426996/; classtype:trojan-activity;sid:81290096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.22.187"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426995/; classtype:trojan-activity;sid:81290095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"123.12.76.238"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426994/; classtype:trojan-activity;sid:81290094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"176.221.206.179"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426993/; classtype:trojan-activity;sid:81290093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"46.235.74.7"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426992/; classtype:trojan-activity;sid:81290092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parts_service/"; depth:15; endswith; http.host; content:"philosopherswheel.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426991/; classtype:trojan-activity;sid:81290091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ut_jpkooqwq03w_tkmoqwn_3mhtehx5fmg/test_profile/dbtgciejaip_4qiemxlh/"; depth:78; endswith; http.host; content:"lagershop.rs"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426990/; classtype:trojan-activity;sid:81290090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jerseycarservice/private_zone/security_cloud/l6k5hi1_41xs822zzx7ss/"; depth:68; endswith; http.host; content:"quantusmarketing.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426989/; classtype:trojan-activity;sid:81290089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/multifunctional-yvyk7yt5-k933ibfli/external-portal/ab57-y220t/"; depth:74; endswith; http.host; content:"quickwood.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426988/; classtype:trojan-activity;sid:81290088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wofz_kcpveptzud_q2xve_7tx8jho1ncda4/special_forum/4dzr3t0k2beum_1804364/"; depth:82; endswith; http.host; content:"juliekaplanphoto.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426987/; classtype:trojan-activity;sid:81290087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/2ckroh565z/docs/en54nby/"; depth:34; endswith; http.host; content:"vidiantec.cl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426986/; classtype:trojan-activity;sid:81290086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobil/efizkam2bc_fu179k4hd_module/guarded_4410519_yaq1tvqfu/fwsssio9v_1pi3isisdj/"; depth:82; endswith; http.host; content:"askcafe.net"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426985/; classtype:trojan-activity;sid:81290085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kungdoc/winlog.exe"; depth:19; endswith; http.host; content:"kungwsdycommunicationtarisupliermg41ghd.duckdns.org"; depth:51; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426984/; classtype:trojan-activity;sid:81290084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/majicmanx/crypted.exe"; depth:22; endswith; http.host; content:"abass.ir"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426983/; classtype:trojan-activity;sid:81290083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/esmqymypkt_h6r6pwrrcn_d3rul7_wm5v3tx2ujp0uo/security_area/4647052799718_pl9qsnrm6zwz7y8/"; depth:95; endswith; http.host; content:"www.mjhl.com.mx"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426982/; classtype:trojan-activity;sid:81290082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bwget"; depth:6; endswith; http.host; content:"185.61.137.165"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426981/; classtype:trojan-activity;sid:81290081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin_bqyciwlphg214.bin"; depth:22; endswith; http.host; content:"111.90.138.208"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426980/; classtype:trojan-activity;sid:81290080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laravel/vendor/phpunit/phpunit/src/util/log/back/loader_irsjlb94.bin"; depth:69; endswith; http.host; content:"weg-anwalt-online.de"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426979/; classtype:trojan-activity;sid:81290079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laravel/vendor/phpunit/phpunit/src/util/log/main/loader_irsjlb94.bin"; depth:69; endswith; http.host; content:"weg-anwalt-online.de"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426978/; classtype:trojan-activity;sid:81290078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/open_473145766266_zhkvv5n/interior_portal/oofnv2_6wuxs/"; depth:63; endswith; http.host; content:"c0140529.ferozo.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426977/; classtype:trojan-activity;sid:81290077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/j04zrx/"; depth:17; endswith; http.host; content:"ampos.com.ng"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426976/; classtype:trojan-activity;sid:81290076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/done/page/css/3864924///"; depth:25; endswith; http.host; content:"imaspro.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426975/; classtype:trojan-activity;sid:81290075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/t55prjrdcx/0y8615606244201084438n0kq7whr/"; depth:49; endswith; http.host; content:"seismophonic.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426974/; classtype:trojan-activity;sid:81290074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/reporting/wsh4qpml1y/"; depth:34; endswith; http.host; content:"annabphotography.co.uk"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426973/; classtype:trojan-activity;sid:81290073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amazonchecker.com/public/g3ia2rdbim/v4u410922417684700ryf0hwmc6e4dn/"; depth:69; endswith; http.host; content:"gamemechanics.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426972/; classtype:trojan-activity;sid:81290072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assinatura/report/331h20919336351xlh56yl2o3tlseb6h9/"; depth:53; endswith; http.host; content:"lupusalimentos.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426971/; classtype:trojan-activity;sid:81290071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/print/79117882563/"; depth:19; endswith; http.host; content:"isatechnology.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426970/; classtype:trojan-activity;sid:81290070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ar/doc///"; depth:10; endswith; http.host; content:"www.aistidafa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426969/; classtype:trojan-activity;sid:81290069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/474479231276527/"; depth:21; endswith; http.host; content:"cnoenc.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426968/; classtype:trojan-activity;sid:81290068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1080/report///"; depth:15; endswith; http.host; content:"backroom.co.nz"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426967/; classtype:trojan-activity;sid:81290067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1080/file/"; depth:11; endswith; http.host; content:"backroom.co.nz"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426966/; classtype:trojan-activity;sid:81290066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/common_sector/individual_area/g9wkcunw_zjjshnbyl8/"; depth:60; endswith; http.host; content:"crearechile.cl"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426965/; classtype:trojan-activity;sid:81290065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"74.195.115.176"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426964/; classtype:trojan-activity;sid:81290064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lf0709yedm/common-awoxggw7ekyp8-i0viklmqgssnywr/interior-forum/rgzddm-ioldw551s/"; depth:81; endswith; http.host; content:"janakre.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426963/; classtype:trojan-activity;sid:81290063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hospital/payment/"; depth:18; endswith; http.host; content:"cimsjr.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426962/; classtype:trojan-activity;sid:81290062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/x86.hopeidonthittheurlhausabuse"; depth:63; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426961/; classtype:trojan-activity;sid:81290061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/x32.hopeidonthittheurlhausabuse"; depth:63; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426960/; classtype:trojan-activity;sid:81290060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/sh4.hopeidonthittheurlhausabuse"; depth:63; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426959/; classtype:trojan-activity;sid:81290059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/ppc.hopeidonthittheurlhausabuse"; depth:63; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426958/; classtype:trojan-activity;sid:81290058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/mpsl.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426957/; classtype:trojan-activity;sid:81290057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/mips.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426956/; classtype:trojan-activity;sid:81290056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/m68k.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426955/; classtype:trojan-activity;sid:81290055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/i586.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426954/; classtype:trojan-activity;sid:81290054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/arm7.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426953/; classtype:trojan-activity;sid:81290053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/arm6.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426952/; classtype:trojan-activity;sid:81290052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/arm5.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426951/; classtype:trojan-activity;sid:81290051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeidonthittheurlhausabuselol/arm4.hopeidonthittheurlhausabuse"; depth:64; endswith; http.host; content:"198.46.209.159"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426950/; classtype:trojan-activity;sid:81290050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//wp-content/plugins/--/https:/www.afenergia.it/cliente=test@test.it"; depth:68; endswith; http.host; content:"www.hse.com.bn"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426949/; classtype:trojan-activity;sid:81290049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asset/0cc3sjf/dwhz6yr60311487960399018uquvz246oc/"; depth:50; endswith; http.host; content:"denizyahci.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426948/; classtype:trojan-activity;sid:81290048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; http.host; content:"46.239.4.5"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426947/; classtype:trojan-activity;sid:81290047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/common_array/corporate_581119_8ijxdsmw00y/83apxfhr6jkcf2_89wt19t/"; depth:73; endswith; http.host; content:"katana.co.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426946/; classtype:trojan-activity;sid:81290046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/sites/"; depth:18; endswith; http.host; content:"filmuloctav.ro"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426945/; classtype:trojan-activity;sid:81290045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/report/"; depth:18; endswith; http.host; content:"glads.ir"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426944/; classtype:trojan-activity;sid:81290044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old/parts_service/i7sgfjl/"; depth:27; endswith; http.host; content:"galeshwarashram.org.np"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426943/; classtype:trojan-activity;sid:81290043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/parts_service/"; depth:18; endswith; http.host; content:"ctib.ro"; depth:7; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426942/; classtype:trojan-activity;sid:81290042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/available-array/open-profile/s6g6p0hjyrg-2y6tu58ws2xs21/"; depth:64; endswith; http.host; content:"www.kriskate.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426941/; classtype:trojan-activity;sid:81290041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/docs/"; depth:18; endswith; http.host; content:"gunesulkesi.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426940/; classtype:trojan-activity;sid:81290040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/done/page/css/3864924/"; depth:23; endswith; http.host; content:"imaspro.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426939/; classtype:trojan-activity;sid:81290039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/sites/"; depth:11; endswith; http.host; content:"ipsummit.me"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426938/; classtype:trojan-activity;sid:81290038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/docs/r4kpnav5/"; depth:24; endswith; http.host; content:"kecsfila.hu"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426937/; classtype:trojan-activity;sid:81290037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/esp/24bqv6x/"; depth:21; endswith; http.host; content:"laminingraphics.co.za"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426936/; classtype:trojan-activity;sid:81290036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/documentation/"; depth:27; endswith; http.host; content:"jawara.pro"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426935/; classtype:trojan-activity;sid:81290035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/documentation/8xnvcx8qy/jqzb05200830002536qgnwj1vizuyd44/"; depth:63; endswith; http.host; content:"lokeshullamkecskemet.hu"; depth:23; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426934/; classtype:trojan-activity;sid:81290034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/payment/n27j435184836830zkr2t5d8loemooj/"; depth:53; endswith; http.host; content:"limpio.ba"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426933/; classtype:trojan-activity;sid:81290033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/murcia/attachments/"; depth:20; endswith; http.host; content:"nasim.hostlin.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426932/; classtype:trojan-activity;sid:81290032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/themes/etrac/wodtsnv1w/"; depth:24; endswith; http.host; content:"editorasede.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426931/; classtype:trojan-activity;sid:81290031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/browse/"; depth:19; endswith; http.host; content:"parasol.com.my"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426930/; classtype:trojan-activity;sid:81290030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/overview/"; depth:14; endswith; http.host; content:"poskorea.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426929/; classtype:trojan-activity;sid:81290029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/llc/02wk2l7syx/71oqtyv4835276801yg4xksx1qoutnn9ecms/"; depth:65; endswith; http.host; content:"pastaciyiz.biz"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426928/; classtype:trojan-activity;sid:81290028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shortcodes/bmsofc38humi/"; depth:25; endswith; http.host; content:"renergyholdings.com"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426927/; classtype:trojan-activity;sid:81290027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/esp/gkh96px4g19///"; depth:27; endswith; http.host; content:"www.yeumoitruong.vn"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426926/; classtype:trojan-activity;sid:81290026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/ag6884ym//"; depth:19; endswith; http.host; content:"bangkokcityjewel.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426925/; classtype:trojan-activity;sid:81290025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/swift/bbsn3azyc/5vndf7768486665987380invrbf8mi5cw523go/"; depth:64; endswith; http.host; content:"www.vasinfo.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426924/; classtype:trojan-activity;sid:81290024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/addon_domains/xf5mvahmx8lx/"; depth:28; endswith; http.host; content:"www.shineatd.a2hosted.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426923/; classtype:trojan-activity;sid:81290023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/website.irenicinternational.in/parts_service/"; depth:46; endswith; http.host; content:"www.irenicinternational.in"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426922/; classtype:trojan-activity;sid:81290022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins/reporting/"; depth:19; endswith; http.host; content:"www.astrocorfu.gr"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426921/; classtype:trojan-activity;sid:81290021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esp/qs5q115eqs///"; depth:18; endswith; http.host; content:"andythomas.co.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426920/; classtype:trojan-activity;sid:81290020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sai/3e9r5fak7r5j/"; depth:18; endswith; http.host; content:"saimission.org"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426919/; classtype:trojan-activity;sid:81290019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/report/8orh3dovx/"; depth:22; endswith; http.host; content:"suzukistallion.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426918/; classtype:trojan-activity;sid:81290018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/u7z2xxp21m/"; depth:20; endswith; http.host; content:"www.cistilniservis-t530.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426917/; classtype:trojan-activity;sid:81290017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/statement/"; depth:19; endswith; http.host; content:"toprakmedia.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426916/; classtype:trojan-activity;sid:81290016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/8307651043718885/"; depth:23; endswith; http.host; content:"vivahforever.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426915/; classtype:trojan-activity;sid:81290015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/payment/ieqwmjke9/"; depth:27; endswith; http.host; content:"www.aeroasia-interior.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426914/; classtype:trojan-activity;sid:81290014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ar/doc/"; depth:8; endswith; http.host; content:"www.aistidafa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426913/; classtype:trojan-activity;sid:81290013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.172.135.16"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426912/; classtype:trojan-activity;sid:81290012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"188.169.36.234"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426911/; classtype:trojan-activity;sid:81290011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"221.5.28.99"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426910/; classtype:trojan-activity;sid:81290010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.138.186.220"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426909/; classtype:trojan-activity;sid:81290009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.5.129"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426908/; classtype:trojan-activity;sid:81290008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.45.15.152"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426907/; classtype:trojan-activity;sid:81290007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"49.89.137.209"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426906/; classtype:trojan-activity;sid:81290006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/payment/"; depth:21; endswith; http.host; content:"incotel.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426905/; classtype:trojan-activity;sid:81290005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1080/report/"; depth:13; endswith; http.host; content:"backroom.co.nz"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426904/; classtype:trojan-activity;sid:81290004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/docs/50fajrvh4l/098sme490216131224igjfrhlggpebag7kb5g/"; depth:67; endswith; http.host; content:"www.cagev.org"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426903/; classtype:trojan-activity;sid:81290003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/document/"; depth:15; endswith; http.host; content:"www.essand.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426902/; classtype:trojan-activity;sid:81290002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/invoice/"; depth:16; endswith; http.host; content:"www.grecoson.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426901/; classtype:trojan-activity;sid:81290001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/6p0edjff/i2255071945525776994lkqr1kbmprqeyi5rxft7/"; depth:61; endswith; http.host; content:"www.geoav.cl"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426900/; classtype:trojan-activity;sid:81290000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/etrac/8qils43qi2t/"; depth:31; endswith; http.host; content:"www.jawara.pro"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426899/; classtype:trojan-activity;sid:81289999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/website.irenicinternational.in/parts_service/"; depth:46; endswith; http.host; content:"www.irenicinternational.in"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426898/; classtype:trojan-activity;sid:81289998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/document/11cixrmte0/"; depth:29; endswith; http.host; content:"www.logisafe.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426897/; classtype:trojan-activity;sid:81289997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/invoice/y6sl5s/"; depth:21; endswith; http.host; content:"www.lokeshullamkecskemet.hu"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426896/; classtype:trojan-activity;sid:81289996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonts/uatir68/"; depth:15; endswith; http.host; content:"www.mjhl.com.mx"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426895/; classtype:trojan-activity;sid:81289995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/file/"; depth:18; endswith; http.host; content:"www.niaayuningimandari.com"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426894/; classtype:trojan-activity;sid:81289994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/4y0z21g/bcb735187592043c8n2h085cq/"; depth:46; endswith; http.host; content:"www.palestina.gob.ec"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426893/; classtype:trojan-activity;sid:81289993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/yopy26eytho/t8831033702902096n9lyiobpbxdoxwo/"; depth:54; endswith; http.host; content:"www.cistilniservis-t530.com"; depth:27; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426892/; classtype:trojan-activity;sid:81289992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awstats/qz0nc-a37c8-065/"; depth:25; endswith; http.host; content:"jantosam.com"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426891/; classtype:trojan-activity;sid:81289991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/hhdwtpeqh/"; depth:16; endswith; http.host; content:"hardcorelives.co.uk"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426890/; classtype:trojan-activity;sid:81289990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/archive/rafjcj/n0our2a/6119f73267613342199tstti2gdp2rfa48difd/"; depth:63; endswith; http.host; content:"mccallum-enterprises.co.uk"; depth:26; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426889/; classtype:trojan-activity;sid:81289989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2048puzzle/lm/oa2mc74dt/q3a08252019n6o6xghpnile806y/"; depth:53; endswith; http.host; content:"zuhapps.com"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426888/; classtype:trojan-activity;sid:81289988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payment/x268207360832161e8od3hlmpdwbawruan6v/"; depth:46; endswith; http.host; content:"www.visgroup.pl"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426887/; classtype:trojan-activity;sid:81289987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connections/lm/0xqvuo/psh90rp93690649361ilcevq7k7rqxlnf/"; depth:57; endswith; http.host; content:"www.kunsttrip.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426886/; classtype:trojan-activity;sid:81289986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/payment/"; depth:16; endswith; http.host; content:"www.kor-network.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426885/; classtype:trojan-activity;sid:81289985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/racing/esp/"; depth:12; endswith; http.host; content:"www.jwiltshire.org.uk"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426884/; classtype:trojan-activity;sid:81289984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cache/nwezn416a/"; depth:17; endswith; http.host; content:"willow-nettica.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426883/; classtype:trojan-activity;sid:81289983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payment/x268207360832161e8od3hlmpdwbawruan6v/"; depth:46; endswith; http.host; content:"visgroup.pl"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426882/; classtype:trojan-activity;sid:81289982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/admin/postimage/inc/zuy6meqe7/0ye4107030747782410919xqpvrs85n341pat/"; depth:69; endswith; http.host; content:"uscomponent.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426881/; classtype:trojan-activity;sid:81289981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/hj48shax0r6/"; depth:22; endswith; http.host; content:"tuncambalaj.com.tr"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426880/; classtype:trojan-activity;sid:81289980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/swift/bbsn3azyc/5vndf7768486665987380invrbf8mi5cw523go/"; depth:64; endswith; http.host; content:"www.vasinfo.com.br"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426879/; classtype:trojan-activity;sid:81289979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/paclm/9iw23ewv5y2/"; depth:30; endswith; http.host; content:"ksgresearch.org"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426878/; classtype:trojan-activity;sid:81289978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/5d1fnrq3t6c/gwdu6n4/"; depth:25; endswith; http.host; content:"azjones.info"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426877/; classtype:trojan-activity;sid:81289977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/provisorio/221386537620361/"; depth:28; endswith; http.host; content:"actacomunicacao.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426876/; classtype:trojan-activity;sid:81289976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/esp/gkh96px4g19/"; depth:25; endswith; http.host; content:"www.yeumoitruong.vn"; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426875/; classtype:trojan-activity;sid:81289975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/available_module/open_profile/887398_5q3uu3q/"; depth:55; endswith; http.host; content:"www.pacom.it"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426874/; classtype:trojan-activity;sid:81289974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/processo/of33d2_r26rfmlrk7pphmwx_disk/jyzk5lmq4e_ecllrqq9e_23gzy_xdgbb1nba/2fiib91_35xxxx7y/"; depth:93; endswith; http.host; content:"www.novaes.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426873/; classtype:trojan-activity;sid:81289973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/open_eyhsshch_ebbncoimb/guarded_forum/lb9nnjvqx_x23vs/"; depth:55; endswith; http.host; content:"schoelu.ch"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426872/; classtype:trojan-activity;sid:81289972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/wofz_kcpveptzud_q2xve_7tx8jho1ncda4/special_forum/4dzr3t0k2beum_1804364/|7c|3b|7c|/"; depth:93; endswith; http.host; content:"juliekaplanphoto.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426871/; classtype:trojan-activity;sid:81289971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/parts_service/"; depth:27; endswith; http.host; content:"haek.net"; depth:8; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426870/; classtype:trojan-activity;sid:81289970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c950e/llc/026oek/"; depth:19; endswith; http.host; content:"heartssetfree.org"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426869/; classtype:trojan-activity;sid:81289969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/documentation/"; depth:23; endswith; http.host; content:"henkphilipsen.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426868/; classtype:trojan-activity;sid:81289968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/localhost/parts_service/"; depth:25; endswith; http.host; content:"hofhuistechniek.nl"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426867/; classtype:trojan-activity;sid:81289967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/balance/6zmlph3g756t/"; depth:30; endswith; http.host; content:"hostech.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426866/; classtype:trojan-activity;sid:81289966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vianna/lm/"; depth:11; endswith; http.host; content:"idealli.com.br"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426865/; classtype:trojan-activity;sid:81289965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/r0qqvg8478376162845113pbnzz5kgjt48wwgdoi4h/"; depth:53; endswith; http.host; content:"kibrit.com.tr"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426864/; classtype:trojan-activity;sid:81289964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me-tlv.co.il/oct/"; depth:18; endswith; http.host; content:"slideit.co.il"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426863/; classtype:trojan-activity;sid:81289963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/option-tree/etrac/"; depth:19; endswith; http.host; content:"www.ifitmoves.net"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426862/; classtype:trojan-activity;sid:81289962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photos/etrac/vsmql7nn4ic2/"; depth:27; endswith; http.host; content:"irvingstudios.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426861/; classtype:trojan-activity;sid:81289961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/print/79117882563/"; depth:19; endswith; http.host; content:"www.isatechnology.com"; depth:21; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426860/; classtype:trojan-activity;sid:81289960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/sites/lrhimcw3/g28zv6772164044uqmypmnxgvri6onxba/"; depth:62; endswith; http.host; content:"itgastaldi.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426859/; classtype:trojan-activity;sid:81289959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; http.host; content:"89.42.210.116"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426858/; classtype:trojan-activity;sid:81289958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; http.host; content:"89.42.210.116"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426857/; classtype:trojan-activity;sid:81289957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; http.host; content:"89.42.210.116"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426856/; classtype:trojan-activity;sid:81289956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33bi/ares.x86"; depth:14; endswith; http.host; content:"89.42.210.116"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426855/; classtype:trojan-activity;sid:81289955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33bi/ares.mpsl"; depth:15; endswith; http.host; content:"89.42.210.116"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426854/; classtype:trojan-activity;sid:81289954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33bi/ares.mips"; depth:15; endswith; http.host; content:"89.42.210.116"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426853/; classtype:trojan-activity;sid:81289953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/includes/parts_service/tb5r0epqp9d/"; depth:47; endswith; http.host; content:"www.knightlycomputing.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426852/; classtype:trojan-activity;sid:81289952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/bkat35q3w/"; depth:19; endswith; http.host; content:"giantsinthesky.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426851/; classtype:trojan-activity;sid:81289951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"106.110.115.105"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426850/; classtype:trojan-activity;sid:81289950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"149.3.36.210"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426849/; classtype:trojan-activity;sid:81289949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"172.36.12.199"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426848/; classtype:trojan-activity;sid:81289948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"121.233.116.178"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426847/; classtype:trojan-activity;sid:81289947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"112.17.152.195"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426846/; classtype:trojan-activity;sid:81289946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"222.188.221.118"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426845/; classtype:trojan-activity;sid:81289945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; http.host; content:"31.146.249.198"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426844/; classtype:trojan-activity;sid:81289944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connections/lm/0xqvuo/psh90rp93690649361ilcevq7k7rqxlnf/"; depth:57; endswith; http.host; content:"www.kunsttrip.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426843/; classtype:trojan-activity;sid:81289943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/private_sector/verifiable_warehouse/zlbzqr73_x5zt8y/"; depth:64; endswith; http.host; content:"logotypfabriken.se"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426842/; classtype:trojan-activity;sid:81289942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jshj/57487_5i8aps_zone/verified_448694_rqqorxlfzlswl2s/187060184138_uznb2zdbhj88b/"; depth:83; endswith; http.host; content:"berkkorkmaz.com"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426841/; classtype:trojan-activity;sid:81289941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/file/huffks8vn/6hpk7w05349674273076730xu7bi55/"; depth:52; endswith; http.host; content:"www.libertolaw.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426840/; classtype:trojan-activity;sid:81289940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/protected_module/security_cloud/4k58z_2bx6k423k9gtiy/"; depth:65; endswith; http.host; content:"www.maasen.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426839/; classtype:trojan-activity;sid:81289939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats/ugldzxeie/"; depth:17; endswith; http.host; content:"mazzottadj.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426838/; classtype:trojan-activity;sid:81289938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carloghio/invoice/2y6611yew2/kxyush77148104086073uigkhvvlxsh2c/"; depth:64; endswith; http.host; content:"eurofutura.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426837/; classtype:trojan-activity;sid:81289937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/report/pu9dkpfsnjov/"; depth:29; endswith; http.host; content:"maratom.hu"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426836/; classtype:trojan-activity;sid:81289936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc/multifunctional-disk/additional-q3ky24b-zcj2r/13ygk-5mkriucfyh1x7/"; depth:71; endswith; http.host; content:"markelliotson.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426835/; classtype:trojan-activity;sid:81289935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/multifunctional-opqwr-ufzclgypmqdyqd/test-gwcsoulkfmk-ty8impu6it9twbp/lr5ypupy-zotrdjgebh/"; depth:96; endswith; http.host; content:"www.massiv.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426834/; classtype:trojan-activity;sid:81289934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/partnerlogo/lb/"; depth:16; endswith; http.host; content:"megfigyel.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426833/; classtype:trojan-activity;sid:81289933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nfhs/swift/agxkey8w8/x195730069kmhtdm334muw4no7127m/"; depth:53; endswith; http.host; content:"marjara.net"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426832/; classtype:trojan-activity;sid:81289932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/886309-orosikz-section/verifiable-warehouse/ytvj6m5xhg7-wjjliknkj3a/"; depth:77; endswith; http.host; content:"maximedge.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426831/; classtype:trojan-activity;sid:81289931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/multifunctional-disk/security-cloud/3549655261-gwbj4wc8bw/"; depth:67; endswith; http.host; content:"maxiquim.cl"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426830/; classtype:trojan-activity;sid:81289930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/etrac/om4glsald3br/"; depth:27; endswith; http.host; content:"martiniandgrey.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426829/; classtype:trojan-activity;sid:81289929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; http.host; content:"194.87.138.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426828/; classtype:trojan-activity;sid:81289928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; http.host; content:"194.87.138.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426827/; classtype:trojan-activity;sid:81289927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; http.host; content:"194.87.138.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426826/; classtype:trojan-activity;sid:81289926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/overview/15xhtgbe2a56/ck86770506947a4jrtnktk3jhk/"; depth:59; endswith; http.host; content:"maxsoft.cz"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426825/; classtype:trojan-activity;sid:81289925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/protected_disk/external_profile/527401608_wtlkeekmpkfjmtn/"; depth:64; endswith; http.host; content:"medreg.uz"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426824/; classtype:trojan-activity;sid:81289924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/multifunctional_gwssla7_chk0bshf79/documentation/lpofe16urv/"; depth:61; endswith; http.host; content:"mcmedian.co.jp"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426823/; classtype:trojan-activity;sid:81289923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; http.host; content:"194.87.138.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426822/; classtype:trojan-activity;sid:81289922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; http.host; content:"194.87.138.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426821/; classtype:trojan-activity;sid:81289921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; http.host; content:"194.87.138.15"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426820/; classtype:trojan-activity;sid:81289920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/parts_service/p99854117442916676dkebqon2x/"; depth:54; endswith; http.host; content:"mediariser.com"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426819/; classtype:trojan-activity;sid:81289919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/common-1439639898096-x6nzk743pjibezp/verified-warehouse/p9q2a2vnnjie0e-6y34/"; depth:86; endswith; http.host; content:"megatelelectronica.com.ar"; depth:25; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426818/; classtype:trojan-activity;sid:81289918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suspend-page/etrac/"; depth:20; endswith; http.host; content:"meulocal.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426817/; classtype:trojan-activity;sid:81289917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426816/; classtype:trojan-activity;sid:81289916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426815/; classtype:trojan-activity;sid:81289915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426814/; classtype:trojan-activity;sid:81289914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426813/; classtype:trojan-activity;sid:81289913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426812/; classtype:trojan-activity;sid:81289912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wpp-app/common_1sw_ldetfsr5szlq2yx/test_stsmtou_tx99zdsky4qxe5/tlyybla0w46_gyggldeu1rhqh/"; depth:90; endswith; http.host; content:"mgupta.me"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426811/; classtype:trojan-activity;sid:81289911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/tyq3p-hz2ky-63/"; depth:24; endswith; http.host; content:"g4osj.co.uk"; depth:11; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426810/; classtype:trojan-activity;sid:81289910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; http.host; content:"194.15.36.78"; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426809/; classtype:trojan-activity;sid:81289909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o_9q_w5ibffiks6/report/"; depth:24; endswith; http.host; content:"microclan.com"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426808/; classtype:trojan-activity;sid:81289908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/swift/042offmje/"; depth:31; endswith; http.host; content:"mj-web.dk"; depth:9; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426807/; classtype:trojan-activity;sid:81289907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/kwln/"; depth:15; endswith; http.host; content:"pflegedienst-lang.de"; depth:20; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426806/; classtype:trojan-activity;sid:81289906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; http.host; content:"89.42.210.116"; depth:13; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426805/; classtype:trojan-activity;sid:81289905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/reporting/tj7vfbm7f7x/"; de