################################################################ # abuse.ch URLhaus IDS ruleset (Suricata only) # # Last updated: 2022-06-26 04:48:05 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.6.37.236"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250572/; classtype:trojan-activity;sid:83113672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.255.223.241"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250571/; classtype:trojan-activity;sid:83113671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.229.49.130"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250569/; classtype:trojan-activity;sid:83113669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"80.182.136.136"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250568/; classtype:trojan-activity;sid:83113668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.12.217.160"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250566/; classtype:trojan-activity;sid:83113666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.15.211.233"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250565/; classtype:trojan-activity;sid:83113665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.101.137"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250564/; classtype:trojan-activity;sid:83113664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.104.192.187"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250563/; classtype:trojan-activity;sid:83113663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.42.179.200"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250562/; classtype:trojan-activity;sid:83113662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.247.154.67"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250551/; classtype:trojan-activity;sid:83113651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.208.136.57"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250552/; classtype:trojan-activity;sid:83113652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.196.72.69"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250550/; classtype:trojan-activity;sid:83113650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.18.123"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250546/; classtype:trojan-activity;sid:83113646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.49.203.118"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250547/; classtype:trojan-activity;sid:83113647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.122.66"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250548/; classtype:trojan-activity;sid:83113648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.79.76.169"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250549/; classtype:trojan-activity;sid:83113649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.47.252.244"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250545/; classtype:trojan-activity;sid:83113645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.225.166"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250543/; classtype:trojan-activity;sid:83113643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.89.109.90"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250542/; classtype:trojan-activity;sid:83113642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.195.81.138"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250541/; classtype:trojan-activity;sid:83113641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.90.190.65"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250540/; classtype:trojan-activity;sid:83113640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.153.94.174"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250539/; classtype:trojan-activity;sid:83113639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.131.66.239"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250538/; classtype:trojan-activity;sid:83113638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.128.159.130"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250537/; classtype:trojan-activity;sid:83113637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/google.sh"; depth:10; endswith; nocase; http.host; content:"45.140.188.109"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250526/; classtype:trojan-activity;sid:83113626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.97.130"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250525/; classtype:trojan-activity;sid:83113625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.56.73"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250523/; classtype:trojan-activity;sid:83113623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.243.149.184"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_26; reference:url, urlhaus.abuse.ch/url/2250522/; classtype:trojan-activity;sid:83113622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.127.215"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250521/; classtype:trojan-activity;sid:83113621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.156.17.131"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250520/; classtype:trojan-activity;sid:83113620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.154.34"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250519/; classtype:trojan-activity;sid:83113619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pixel.png"; depth:10; endswith; nocase; http.host; content:"01da7eee.step.ifsguy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250518/; classtype:trojan-activity;sid:83113618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.190.129"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250517/; classtype:trojan-activity;sid:83113617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.6.109.31"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250516/; classtype:trojan-activity;sid:83113616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.53.119.147"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250515/; classtype:trojan-activity;sid:83113615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.108.124"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250514/; classtype:trojan-activity;sid:83113614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.157.151.52"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250513/; classtype:trojan-activity;sid:83113613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.102.187"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250512/; classtype:trojan-activity;sid:83113612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.213.72"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250511/; classtype:trojan-activity;sid:83113611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.177.111"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250510/; classtype:trojan-activity;sid:83113610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"101.67.213.160"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250509/; classtype:trojan-activity;sid:83113609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.64.30"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250508/; classtype:trojan-activity;sid:83113608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.249.40.227"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250507/; classtype:trojan-activity;sid:83113607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.147.152"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250506/; classtype:trojan-activity;sid:83113606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.110.198.192"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250505/; classtype:trojan-activity;sid:83113605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.106.127.57"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250504/; classtype:trojan-activity;sid:83113604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.49.106.173"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250503/; classtype:trojan-activity;sid:83113603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.168.150.102"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250502/; classtype:trojan-activity;sid:83113602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.71.82.158"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250501/; classtype:trojan-activity;sid:83113601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.43.72.55"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250500/; classtype:trojan-activity;sid:83113600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.229.137.66"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250499/; classtype:trojan-activity;sid:83113599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.97.66"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250498/; classtype:trojan-activity;sid:83113598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"210.89.39.254"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250497/; classtype:trojan-activity;sid:83113597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.14.123.87"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250496/; classtype:trojan-activity;sid:83113596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.123.133"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250495/; classtype:trojan-activity;sid:83113595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.40.87.131"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250494/; classtype:trojan-activity;sid:83113594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"38.25.146.170"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250493/; classtype:trojan-activity;sid:83113593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.65.46"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250492/; classtype:trojan-activity;sid:83113592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.145.135.245"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250491/; classtype:trojan-activity;sid:83113591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.238.245.151"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250490/; classtype:trojan-activity;sid:83113590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.69.238.158"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250489/; classtype:trojan-activity;sid:83113589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.213.78.38"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250488/; classtype:trojan-activity;sid:83113588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.89.194.187"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250487/; classtype:trojan-activity;sid:83113587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.173.109.44"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250486/; classtype:trojan-activity;sid:83113586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.38.181.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250485/; classtype:trojan-activity;sid:83113585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.234.96.100"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250484/; classtype:trojan-activity;sid:83113584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.46.18"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250483/; classtype:trojan-activity;sid:83113583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.43.123.247"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250482/; classtype:trojan-activity;sid:83113582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.211.44.31"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250481/; classtype:trojan-activity;sid:83113581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.224.37.86"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250480/; classtype:trojan-activity;sid:83113580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-down/setspn.exe"; depth:19; endswith; nocase; http.host; content:"jrfurnace.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250479/; classtype:trojan-activity;sid:83113579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.55.147.12"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250478/; classtype:trojan-activity;sid:83113578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.238.179.198"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250477/; classtype:trojan-activity;sid:83113577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.101.49"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250476/; classtype:trojan-activity;sid:83113576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.73.176.152"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250475/; classtype:trojan-activity;sid:83113575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.186.110.223"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250474/; classtype:trojan-activity;sid:83113574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.11.189.151"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250473/; classtype:trojan-activity;sid:83113573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.150.228.55"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250472/; classtype:trojan-activity;sid:83113572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.exe"; depth:11; endswith; nocase; http.host; content:"119.3.37.230"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250471/; classtype:trojan-activity;sid:83113571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.62.14.24"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250470/; classtype:trojan-activity;sid:83113570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.26.121.148"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250469/; classtype:trojan-activity;sid:83113569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.20.4.71"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250468/; classtype:trojan-activity;sid:83113568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.9.118.142"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250467/; classtype:trojan-activity;sid:83113567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.101.24.98"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250466/; classtype:trojan-activity;sid:83113566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.102.217.248"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250465/; classtype:trojan-activity;sid:83113565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.5.36.19"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250464/; classtype:trojan-activity;sid:83113564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.77.160"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250463/; classtype:trojan-activity;sid:83113563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/"; depth:6; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250461/; classtype:trojan-activity;sid:83113561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/"; depth:4; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250462/; classtype:trojan-activity;sid:83113562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmm/"; depth:5; endswith; nocase; http.host; content:"thebirlaniyaaraworli.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250460/; classtype:trojan-activity;sid:83113560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/pruaeiamants"; depth:16; endswith; nocase; http.host; content:"rooferknoxville.net"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250458/; classtype:trojan-activity;sid:83113558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/neisepurdtfsorei"; depth:20; endswith; nocase; http.host; content:"rooferknoxville.net"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250459/; classtype:trojan-activity;sid:83113559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur/mqrelounodie"; depth:16; endswith; nocase; http.host; content:"meghapure.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250457/; classtype:trojan-activity;sid:83113557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/eeturmr"; depth:13; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250454/; classtype:trojan-activity;sid:83113554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/rseiuuoti"; depth:15; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250455/; classtype:trojan-activity;sid:83113555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/vlaheitirniits"; depth:20; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250456/; classtype:trojan-activity;sid:83113556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/uvttasoelp"; depth:16; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250453/; classtype:trojan-activity;sid:83113553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.220.236.65"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250452/; classtype:trojan-activity;sid:83113552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"68.198.171.123"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250451/; classtype:trojan-activity;sid:83113551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.108.87.9"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250450/; classtype:trojan-activity;sid:83113550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.107.164.23"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250449/; classtype:trojan-activity;sid:83113549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.168.38.143"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250448/; classtype:trojan-activity;sid:83113548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.74.59"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250447/; classtype:trojan-activity;sid:83113547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.166.75"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250446/; classtype:trojan-activity;sid:83113546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.238.196.223"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250445/; classtype:trojan-activity;sid:83113545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.59.32.53"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250444/; classtype:trojan-activity;sid:83113544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"106.104.139.5"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250443/; classtype:trojan-activity;sid:83113543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.109.70.63"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250442/; classtype:trojan-activity;sid:83113542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.23.10"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250441/; classtype:trojan-activity;sid:83113541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.73.111.185"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250440/; classtype:trojan-activity;sid:83113540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.25.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250439/; classtype:trojan-activity;sid:83113539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.240.237.89"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250438/; classtype:trojan-activity;sid:83113538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"173.16.27.245"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250437/; classtype:trojan-activity;sid:83113537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.7.202.55"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250436/; classtype:trojan-activity;sid:83113536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.46.201.194"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250435/; classtype:trojan-activity;sid:83113535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"104.5.90.140"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250434/; classtype:trojan-activity;sid:83113534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.170.163.232"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250433/; classtype:trojan-activity;sid:83113533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.229.91.168"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250432/; classtype:trojan-activity;sid:83113532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.175.54.232"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250431/; classtype:trojan-activity;sid:83113531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.173.75.137"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250430/; classtype:trojan-activity;sid:83113530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"173.19.146.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250429/; classtype:trojan-activity;sid:83113529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.223.234"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250428/; classtype:trojan-activity;sid:83113528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.240.67.33"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250427/; classtype:trojan-activity;sid:83113527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"210.222.252.113"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250426/; classtype:trojan-activity;sid:83113526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.106.25"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250425/; classtype:trojan-activity;sid:83113525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.238.166.23"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250424/; classtype:trojan-activity;sid:83113524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.122.161.102"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250423/; classtype:trojan-activity;sid:83113523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"61.190.132.33"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250422/; classtype:trojan-activity;sid:83113522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.229.217.5"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250421/; classtype:trojan-activity;sid:83113521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.86.173"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250420/; classtype:trojan-activity;sid:83113520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.195.239"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250419/; classtype:trojan-activity;sid:83113519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deewwww.exe"; depth:12; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250418/; classtype:trojan-activity;sid:83113518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//vnt.mips"; depth:10; endswith; nocase; http.host; content:"45.124.84.253"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250413/; classtype:trojan-activity;sid:83113513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zx.mips"; depth:9; endswith; nocase; http.host; content:"134.195.138.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250414/; classtype:trojan-activity;sid:83113514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vnt.mpsl"; depth:9; endswith; nocase; http.host; content:"45.124.84.253"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250415/; classtype:trojan-activity;sid:83113515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//zx.x86"; depth:8; endswith; nocase; http.host; content:"134.195.138.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250416/; classtype:trojan-activity;sid:83113516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zx.mpsl"; depth:8; endswith; nocase; http.host; content:"134.195.138.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250417/; classtype:trojan-activity;sid:83113517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.240.40"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250412/; classtype:trojan-activity;sid:83113512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zx.mips"; depth:8; endswith; nocase; http.host; content:"134.195.138.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250410/; classtype:trojan-activity;sid:83113510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vnt.mips"; depth:9; endswith; nocase; http.host; content:"45.124.84.253"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250411/; classtype:trojan-activity;sid:83113511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.44.88"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250409/; classtype:trojan-activity;sid:83113509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.101.233"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250408/; classtype:trojan-activity;sid:83113508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.120.5"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250407/; classtype:trojan-activity;sid:83113507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.94.122.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250406/; classtype:trojan-activity;sid:83113506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"69.248.232.127"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250405/; classtype:trojan-activity;sid:83113505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.250.2.64"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250404/; classtype:trojan-activity;sid:83113504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.240.0.231"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250403/; classtype:trojan-activity;sid:83113503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.89.84.11"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250402/; classtype:trojan-activity;sid:83113502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.121.169.219"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250401/; classtype:trojan-activity;sid:83113501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.10.68.209"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250400/; classtype:trojan-activity;sid:83113500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.159.243"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250399/; classtype:trojan-activity;sid:83113499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.37.73"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250398/; classtype:trojan-activity;sid:83113498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.97.173.164"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250397/; classtype:trojan-activity;sid:83113497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.213.154"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250395/; classtype:trojan-activity;sid:83113495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.93.21.251"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250396/; classtype:trojan-activity;sid:83113496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.92.114.99"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250394/; classtype:trojan-activity;sid:83113494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.137.10.174"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250393/; classtype:trojan-activity;sid:83113493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"107.185.9.221"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250392/; classtype:trojan-activity;sid:83113492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.173.195"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250391/; classtype:trojan-activity;sid:83113491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"218.156.75.144"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250390/; classtype:trojan-activity;sid:83113490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.103.249"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250389/; classtype:trojan-activity;sid:83113489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.39.243.176"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250388/; classtype:trojan-activity;sid:83113488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.82.76.158"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250387/; classtype:trojan-activity;sid:83113487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.15.205.78"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250386/; classtype:trojan-activity;sid:83113486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.132.160.98"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250385/; classtype:trojan-activity;sid:83113485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyded.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250384/; classtype:trojan-activity;sid:83113484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.74.241.32"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250383/; classtype:trojan-activity;sid:83113483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.14.122.188"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250382/; classtype:trojan-activity;sid:83113482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.222.175.185"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250381/; classtype:trojan-activity;sid:83113481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.16.64"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250380/; classtype:trojan-activity;sid:83113480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader/uploads/renevct_irqneltl.jpg"; depth:36; endswith; nocase; http.host; content:"37.0.11.164"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250379/; classtype:trojan-activity;sid:83113479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rxydmi5esyenrhywvijvcbugk0kbj6we"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250378/; classtype:trojan-activity;sid:83113478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lxzihkxu60agp4bpnq4kpooaynvncnwm"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250377/; classtype:trojan-activity;sid:83113477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=6e551f13c97e830a|7c|26|7c|resid=6e551f13c97e830a%21478|7c|26|7c|authkey=agqggo-oqvu5h9e"; depth:104; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250376/; classtype:trojan-activity;sid:83113476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/1.txt"; depth:8; endswith; nocase; http.host; content:"185.81.157.65"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250374/; classtype:trojan-activity;sid:83113474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/2.ps1"; depth:8; endswith; nocase; http.host; content:"185.81.157.65"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250375/; classtype:trojan-activity;sid:83113475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.103.49.107"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250372/; classtype:trojan-activity;sid:83113472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.176.163.61"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250373/; classtype:trojan-activity;sid:83113473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.123.62"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250371/; classtype:trojan-activity;sid:83113471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.156.158.210"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250370/; classtype:trojan-activity;sid:83113470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.98.26.66"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250369/; classtype:trojan-activity;sid:83113469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.123.168"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250368/; classtype:trojan-activity;sid:83113468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"5.1.39.227"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250367/; classtype:trojan-activity;sid:83113467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.125.137.237"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250366/; classtype:trojan-activity;sid:83113466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.152.162"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250365/; classtype:trojan-activity;sid:83113465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"20.51.227.181"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250364/; classtype:trojan-activity;sid:83113464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/layout20223acb.dotm"; depth:20; endswith; nocase; http.host; content:"20.51.227.181"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250363/; classtype:trojan-activity;sid:83113463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/is/qldquiuiia"; depth:14; endswith; nocase; http.host; content:"yns.gov.my"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250362/; classtype:trojan-activity;sid:83113462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/toolspab2.exe"; depth:24; endswith; nocase; http.host; content:"data-host-file-16.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250361/; classtype:trojan-activity;sid:83113461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/handselfdiy_2.exe"; depth:18; endswith; nocase; http.host; content:"www.nisfdcinfo.top"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250360/; classtype:trojan-activity;sid:83113460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.78.137"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250359/; classtype:trojan-activity;sid:83113459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.64.64"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250358/; classtype:trojan-activity;sid:83113458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.134.216.142"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250357/; classtype:trojan-activity;sid:83113457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public_html/purchaseorder.docx"; depth:31; endswith; nocase; http.host; content:"greatestdpk.gotdns.ch"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250355/; classtype:trojan-activity;sid:83113455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chow.hta"; depth:9; endswith; nocase; http.host; content:"gr3.ddns.net"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250356/; classtype:trojan-activity;sid:83113456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.0.0-beta1.exe"; depth:16; endswith; nocase; http.host; content:"greatestdpk.gotdns.ch"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250354/; classtype:trojan-activity;sid:83113454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newelgery.exe"; depth:14; endswith; nocase; http.host; content:"greatestdpk.gotdns.ch"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250353/; classtype:trojan-activity;sid:83113453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tlfjas_bkmnjjvv.jpg"; depth:20; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250352/; classtype:trojan-activity;sid:83113452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.82.79"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250351/; classtype:trojan-activity;sid:83113451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"99.179.169.181"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250350/; classtype:trojan-activity;sid:83113450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.75.131"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250348/; classtype:trojan-activity;sid:83113448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.101.197"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250349/; classtype:trojan-activity;sid:83113449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.71.201"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250347/; classtype:trojan-activity;sid:83113447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.204.130.246"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250346/; classtype:trojan-activity;sid:83113446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.228.88.209"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250345/; classtype:trojan-activity;sid:83113445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.210.236.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250344/; classtype:trojan-activity;sid:83113444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.54.171.213"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250343/; classtype:trojan-activity;sid:83113443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.254.105.240"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250342/; classtype:trojan-activity;sid:83113442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"61.228.151.239"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250341/; classtype:trojan-activity;sid:83113441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"96.250.75.188"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250340/; classtype:trojan-activity;sid:83113440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"163.179.166.147"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250339/; classtype:trojan-activity;sid:83113439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.229.40.41"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250338/; classtype:trojan-activity;sid:83113438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.89.84.161"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250337/; classtype:trojan-activity;sid:83113437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"72.252.124.186"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250336/; classtype:trojan-activity;sid:83113436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.185.64.13"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250335/; classtype:trojan-activity;sid:83113435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.240.17.151"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250334/; classtype:trojan-activity;sid:83113434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.119.198.136"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250333/; classtype:trojan-activity;sid:83113433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"117.26.222.6"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250332/; classtype:trojan-activity;sid:83113432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.24.57.81"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250331/; classtype:trojan-activity;sid:83113431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"172.119.79.239"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250330/; classtype:trojan-activity;sid:83113430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"31.168.86.126"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250329/; classtype:trojan-activity;sid:83113429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iic/emaurorneirt"; depth:17; endswith; nocase; http.host; content:"newhorizonacademy.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250328/; classtype:trojan-activity;sid:83113428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cts/arumeqaui"; depth:14; endswith; nocase; http.host; content:"innovative23.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250327/; classtype:trojan-activity;sid:83113427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.179.145.183"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250326/; classtype:trojan-activity;sid:83113426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/aeqtuivpmuettola"; depth:20; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250325/; classtype:trojan-activity;sid:83113425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/isenrdsietrepef"; depth:21; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250324/; classtype:trojan-activity;sid:83113424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ndocitiistonn"; depth:17; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250323/; classtype:trojan-activity;sid:83113423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/bunmuauaraitodlml"; depth:23; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250322/; classtype:trojan-activity;sid:83113422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/cbsxlaiptoee"; depth:18; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250321/; classtype:trojan-activity;sid:83113421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/patsamnenurairve"; depth:20; endswith; nocase; http.host; content:"rooferknoxville.net"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250320/; classtype:trojan-activity;sid:83113420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/mieselquqiunei"; depth:18; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250318/; classtype:trojan-activity;sid:83113418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/oddueomslr"; depth:14; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250319/; classtype:trojan-activity;sid:83113419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa/otolemerd"; depth:13; endswith; nocase; http.host; content:"sayanoida131.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250316/; classtype:trojan-activity;sid:83113416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/fisiiiufqoc"; depth:15; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250317/; classtype:trojan-activity;sid:83113417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pas/tdecpiisia"; depth:15; endswith; nocase; http.host; content:"wisconsinpodcastfestival.com"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250314/; classtype:trojan-activity;sid:83113414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/caciedxepuitrt"; depth:18; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250315/; classtype:trojan-activity;sid:83113415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cqes/stiniu"; depth:12; endswith; nocase; http.host; content:"highsky.co.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250313/; classtype:trojan-activity;sid:83113413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suq/leerdapaeucntipada"; depth:23; endswith; nocase; http.host; content:"jrzxy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250308/; classtype:trojan-activity;sid:83113408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et/qmemueadtui"; depth:15; endswith; nocase; http.host; content:"rsmzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250309/; classtype:trojan-activity;sid:83113409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/litseemqaluamoai"; depth:22; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250310/; classtype:trojan-activity;sid:83113410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/criidisebnae"; depth:16; endswith; nocase; http.host; content:"thebrigade-eldorado.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250311/; classtype:trojan-activity;sid:83113411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfnd/oerouidrbluis"; depth:19; endswith; nocase; http.host; content:"yashviindustries.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250312/; classtype:trojan-activity;sid:83113412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctpt/ietdpnsease"; depth:17; endswith; nocase; http.host; content:"instantreplys.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250307/; classtype:trojan-activity;sid:83113407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as/qeaebuopxilca"; depth:17; endswith; nocase; http.host; content:"groupazanero.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250305/; classtype:trojan-activity;sid:83113405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/etsiecaspitiirps"; depth:20; endswith; nocase; http.host; content:"strikevpn.ml"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250306/; classtype:trojan-activity;sid:83113406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tis/dlteivi"; depth:12; endswith; nocase; http.host; content:"waapsols.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250302/; classtype:trojan-activity;sid:83113402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/uftiusgoq"; depth:14; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250303/; classtype:trojan-activity;sid:83113403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/aumhecocniitsrt"; depth:19; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250304/; classtype:trojan-activity;sid:83113404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/iinmosts"; depth:12; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250296/; classtype:trojan-activity;sid:83113396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alb/daseuqi"; depth:12; endswith; nocase; http.host; content:"infisystems.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250297/; classtype:trojan-activity;sid:83113397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et/tdaes"; depth:9; endswith; nocase; http.host; content:"rsmzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250298/; classtype:trojan-activity;sid:83113398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/estaumstnaupaceniiucrm"; depth:26; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250299/; classtype:trojan-activity;sid:83113399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/motquvtopauusl"; depth:18; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250300/; classtype:trojan-activity;sid:83113400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/edtuosis"; depth:12; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250301/; classtype:trojan-activity;sid:83113401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oae/piccttnoereeeeadihrrca"; depth:27; endswith; nocase; http.host; content:"sqqlm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250292/; classtype:trojan-activity;sid:83113392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/siidcntiutto"; depth:16; endswith; nocase; http.host; content:"hgnyk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250293/; classtype:trojan-activity;sid:83113393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/coritreops"; depth:14; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250294/; classtype:trojan-activity;sid:83113394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsoi/ocuacacettepavtoli"; depth:24; endswith; nocase; http.host; content:"thegulshanbotnia.in"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250295/; classtype:trojan-activity;sid:83113395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rat/easorluauesncdat"; depth:21; endswith; nocase; http.host; content:"healthwealthvaastu.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250287/; classtype:trojan-activity;sid:83113387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/sancrtqdoueua"; depth:19; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250288/; classtype:trojan-activity;sid:83113388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/fuoefeidtcisalc"; depth:21; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250289/; classtype:trojan-activity;sid:83113389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ittansu"; depth:11; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250290/; classtype:trojan-activity;sid:83113390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er/tnismaeimbiid"; depth:17; endswith; nocase; http.host; content:"multiservicespro.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250291/; classtype:trojan-activity;sid:83113391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooit/smtdnieictonii"; depth:20; endswith; nocase; http.host; content:"goonlinetrainings.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250285/; classtype:trojan-activity;sid:83113385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/emioirosnsma"; depth:18; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250286/; classtype:trojan-activity;sid:83113386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbut/oilsofilifci"; depth:18; endswith; nocase; http.host; content:"transportalo.com.pe"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250284/; classtype:trojan-activity;sid:83113384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/liremeoairsbo"; depth:17; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250283/; classtype:trojan-activity;sid:83113383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eul/mtuiebudarnlalao"; depth:21; endswith; nocase; http.host; content:"fesuw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250282/; classtype:trojan-activity;sid:83113382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um/vtaeite"; depth:11; endswith; nocase; http.host; content:"knightplumbingphoenix.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250279/; classtype:trojan-activity;sid:83113379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/ocormoricpmodsi"; depth:19; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250280/; classtype:trojan-activity;sid:83113380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ut/edouteaiq"; depth:13; endswith; nocase; http.host; content:"infrastruktur-digital.id"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250281/; classtype:trojan-activity;sid:83113381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etes/edaaaneosmusericr"; depth:23; endswith; nocase; http.host; content:"rtyaj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250275/; classtype:trojan-activity;sid:83113375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ausu/erdnsilloioh"; depth:18; endswith; nocase; http.host; content:"restorecoinwallets.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250276/; classtype:trojan-activity;sid:83113376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/orpioinsr"; depth:13; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250277/; classtype:trojan-activity;sid:83113377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/einmagt"; depth:13; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250278/; classtype:trojan-activity;sid:83113378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/daostuulpelscvte"; depth:20; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250271/; classtype:trojan-activity;sid:83113371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/seiuirpa"; depth:12; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250272/; classtype:trojan-activity;sid:83113372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/ttnsomrpveideiaeol"; depth:22; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250273/; classtype:trojan-activity;sid:83113373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/lodbomitsaraoi"; depth:20; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250274/; classtype:trojan-activity;sid:83113374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/buliaqamour"; depth:17; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250264/; classtype:trojan-activity;sid:83113364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iq/aiemamx"; depth:11; endswith; nocase; http.host; content:"numericreuse.fr"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250265/; classtype:trojan-activity;sid:83113365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/fficeisitso"; depth:15; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250266/; classtype:trojan-activity;sid:83113366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh/btpviauanutomls"; depth:19; endswith; nocase; http.host; content:"invitoproperty.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250267/; classtype:trojan-activity;sid:83113367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/matgquneaii"; depth:15; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250268/; classtype:trojan-activity;sid:83113368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/tauvteitsplmo"; depth:17; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250269/; classtype:trojan-activity;sid:83113369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vela/marrpiaeem"; depth:16; endswith; nocase; http.host; content:"uwtjm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250270/; classtype:trojan-activity;sid:83113370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/mioudlodr"; depth:15; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250263/; classtype:trojan-activity;sid:83113363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erms/tsieenim"; depth:14; endswith; nocase; http.host; content:"mohaliplots.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250260/; classtype:trojan-activity;sid:83113360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oae/uqcimudsuai"; depth:16; endswith; nocase; http.host; content:"sqqlm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250261/; classtype:trojan-activity;sid:83113361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/seeamtd"; depth:13; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250262/; classtype:trojan-activity;sid:83113362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/adreefecs"; depth:13; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250257/; classtype:trojan-activity;sid:83113357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/iuthlni"; depth:11; endswith; nocase; http.host; content:"pvocl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250258/; classtype:trojan-activity;sid:83113358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/rquedmledrlmoooeo"; depth:23; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250259/; classtype:trojan-activity;sid:83113359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/isacltpiansieef"; depth:20; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250253/; classtype:trojan-activity;sid:83113353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snpt/icsutseenno"; depth:17; endswith; nocase; http.host; content:"mtsalmanar.sch.id"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250254/; classtype:trojan-activity;sid:83113354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/renner/inicio"; depth:14; endswith; nocase; http.host; content:"rennnerlojasfinanceira.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250255/; classtype:trojan-activity;sid:83113355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdau/esdipsa"; depth:13; endswith; nocase; http.host; content:"zttgn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250256/; classtype:trojan-activity;sid:83113356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/dnneesciiionr"; depth:19; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250252/; classtype:trojan-activity;sid:83113352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm/bvlaapusot"; depth:14; endswith; nocase; http.host; content:"grupogolfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250251/; classtype:trojan-activity;sid:83113351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/rtctoauceseen"; depth:19; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250246/; classtype:trojan-activity;sid:83113346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/eosnistm"; depth:12; endswith; nocase; http.host; content:"thebrigade-eldorado.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250247/; classtype:trojan-activity;sid:83113347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/msitbnoeua"; depth:16; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250248/; classtype:trojan-activity;sid:83113348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/terdloos"; depth:12; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250249/; classtype:trojan-activity;sid:83113349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/diinlesibabttsidi"; depth:22; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250250/; classtype:trojan-activity;sid:83113350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mo/motosrsuen"; depth:14; endswith; nocase; http.host; content:"modernlearning.co.zw"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250243/; classtype:trojan-activity;sid:83113343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/ifuirtpofasiairc"; depth:22; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250244/; classtype:trojan-activity;sid:83113344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eot/eclimorhdo"; depth:15; endswith; nocase; http.host; content:"nutriselfagro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250245/; classtype:trojan-activity;sid:83113345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/etueaotvlpvtil"; depth:18; endswith; nocase; http.host; content:"nkiic.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250239/; classtype:trojan-activity;sid:83113339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/queatmrenusd"; depth:18; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250240/; classtype:trojan-activity;sid:83113340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erms/enoson"; depth:12; endswith; nocase; http.host; content:"mohaliplots.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250241/; classtype:trojan-activity;sid:83113341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/taamanugm"; depth:13; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250242/; classtype:trojan-activity;sid:83113342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/iinimnhlsu"; depth:15; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250233/; classtype:trojan-activity;sid:83113333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etes/sdaoopoletrmlutve"; depth:23; endswith; nocase; http.host; content:"rtyaj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250234/; classtype:trojan-activity;sid:83113334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/oateimeeptltumaovsl"; depth:23; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250235/; classtype:trojan-activity;sid:83113335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/tiurapmensetu"; depth:18; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250236/; classtype:trojan-activity;sid:83113336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uume/cifaiafo"; depth:14; endswith; nocase; http.host; content:"raymondrealtythane.co"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250237/; classtype:trojan-activity;sid:83113337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/itstuneaqiidcto"; depth:21; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250238/; classtype:trojan-activity;sid:83113338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/afeftioci"; depth:15; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250230/; classtype:trojan-activity;sid:83113330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er/esoqoslaiutem"; depth:17; endswith; nocase; http.host; content:"multiservicespro.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250231/; classtype:trojan-activity;sid:83113331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdau/ltueafaitoimges"; depth:21; endswith; nocase; http.host; content:"zttgn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250232/; classtype:trojan-activity;sid:83113332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otau/asettiieriipcpss"; depth:22; endswith; nocase; http.host; content:"isknm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250228/; classtype:trojan-activity;sid:83113328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/missctuiud"; depth:14; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250229/; classtype:trojan-activity;sid:83113329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eul/enosatuatpmr"; depth:17; endswith; nocase; http.host; content:"fesuw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250225/; classtype:trojan-activity;sid:83113325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/eoetrbarrea"; depth:15; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250226/; classtype:trojan-activity;sid:83113326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dpou/elrrcuorap"; depth:16; endswith; nocase; http.host; content:"redempire7.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250227/; classtype:trojan-activity;sid:83113327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiic/oeilusml"; depth:14; endswith; nocase; http.host; content:"fxtradeoption24.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250219/; classtype:trojan-activity;sid:83113319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr/ibqeditsuae"; depth:15; endswith; nocase; http.host; content:"top360digitalmediaada.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250220/; classtype:trojan-activity;sid:83113320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/iptlauitmdevpmteo"; depth:21; endswith; nocase; http.host; content:"thebrigade-eldorado.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250221/; classtype:trojan-activity;sid:83113321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmc/rndpqitvouie"; depth:17; endswith; nocase; http.host; content:"lymqe.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250222/; classtype:trojan-activity;sid:83113322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/ottlamsieee"; depth:17; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250223/; classtype:trojan-activity;sid:83113323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/tnmae"; depth:9; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250224/; classtype:trojan-activity;sid:83113324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/rsiouqtpumbei"; depth:19; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250212/; classtype:trojan-activity;sid:83113312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netu/sauuumqsmqbaqiuid"; depth:23; endswith; nocase; http.host; content:"temkos.rs"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250213/; classtype:trojan-activity;sid:83113313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic/vuqleis"; depth:11; endswith; nocase; http.host; content:"juqts.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250214/; classtype:trojan-activity;sid:83113314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl/einapmosse"; depth:14; endswith; nocase; http.host; content:"miyapurflats.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250215/; classtype:trojan-activity;sid:83113315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eul/ttibosnmao"; depth:15; endswith; nocase; http.host; content:"fesuw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250216/; classtype:trojan-activity;sid:83113316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/iluveatt"; depth:14; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250217/; classtype:trojan-activity;sid:83113317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netu/pvuelcotsneunittam"; depth:24; endswith; nocase; http.host; content:"temkos.rs"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250218/; classtype:trojan-activity;sid:83113318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erms/nteibos"; depth:13; endswith; nocase; http.host; content:"mohaliplots.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250211/; classtype:trojan-activity;sid:83113311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/reaeuntt"; depth:13; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250206/; classtype:trojan-activity;sid:83113306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/qisuorrepisae"; depth:17; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250207/; classtype:trojan-activity;sid:83113307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic/oinmosdoi"; depth:13; endswith; nocase; http.host; content:"juqts.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250208/; classtype:trojan-activity;sid:83113308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/ueecucsmqnauas"; depth:18; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250209/; classtype:trojan-activity;sid:83113309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/gsnaiitm"; depth:12; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250210/; classtype:trojan-activity;sid:83113310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/rttluuuoapmeiv"; depth:18; endswith; nocase; http.host; content:"eyirs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250205/; classtype:trojan-activity;sid:83113305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/telomuavupitq"; depth:17; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250198/; classtype:trojan-activity;sid:83113298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/en/ueumt"; depth:9; endswith; nocase; http.host; content:"muzzaiyanvisionaries.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250199/; classtype:trojan-activity;sid:83113299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/amusemagin"; depth:14; endswith; nocase; http.host; content:"hgnyk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250200/; classtype:trojan-activity;sid:83113300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qei/ieddacts"; depth:13; endswith; nocase; http.host; content:"merbleuedakar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250201/; classtype:trojan-activity;sid:83113301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la/rpaobuvellostsuitod"; depth:23; endswith; nocase; http.host; content:"ofnwu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250202/; classtype:trojan-activity;sid:83113302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/niuesiaqmrputae"; depth:19; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250203/; classtype:trojan-activity;sid:83113303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vet/nmsioet"; depth:12; endswith; nocase; http.host; content:"vozfl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250204/; classtype:trojan-activity;sid:83113304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tete/duoiitscoips"; depth:18; endswith; nocase; http.host; content:"internifi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250196/; classtype:trojan-activity;sid:83113296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/uedean"; depth:11; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250197/; classtype:trojan-activity;sid:83113297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co/oatmomeelordilse"; depth:20; endswith; nocase; http.host; content:"shrutex.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250194/; classtype:trojan-activity;sid:83113294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/nsesodim"; depth:12; endswith; nocase; http.host; content:"glkwr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250195/; classtype:trojan-activity;sid:83113295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/aimevaltneesoim"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250188/; classtype:trojan-activity;sid:83113288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/suqsedi"; depth:11; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250189/; classtype:trojan-activity;sid:83113289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/squioasmn"; depth:15; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250190/; classtype:trojan-activity;sid:83113290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/amtuuhra"; depth:14; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250191/; classtype:trojan-activity;sid:83113291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/tlvloistuae"; depth:16; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250192/; classtype:trojan-activity;sid:83113292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vet/sauoqtu"; depth:12; endswith; nocase; http.host; content:"vozfl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250193/; classtype:trojan-activity;sid:83113293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erd/iubrmiatsede"; depth:17; endswith; nocase; http.host; content:"thetulipmonsellagurgaon.in"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250184/; classtype:trojan-activity;sid:83113284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilb/srruodieompebolt"; depth:21; endswith; nocase; http.host; content:"rohanupavanproject.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250185/; classtype:trojan-activity;sid:83113285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muo/olmieodrpsas"; depth:17; endswith; nocase; http.host; content:"mybizwallet.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250186/; classtype:trojan-activity;sid:83113286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mle/laborumillo"; depth:16; endswith; nocase; http.host; content:"thecliffpartners.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250187/; classtype:trojan-activity;sid:83113287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/oseerolod"; depth:13; endswith; nocase; http.host; content:"nkiic.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250183/; classtype:trojan-activity;sid:83113283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saud/iuiosnmq"; depth:14; endswith; nocase; http.host; content:"grmwo.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250178/; classtype:trojan-activity;sid:83113278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iq/dbutuiamqus"; depth:15; endswith; nocase; http.host; content:"numericreuse.fr"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250179/; classtype:trojan-activity;sid:83113279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/peuiernecmxit"; depth:17; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250180/; classtype:trojan-activity;sid:83113280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh/iuadisliquq"; depth:15; endswith; nocase; http.host; content:"invitoproperty.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250181/; classtype:trojan-activity;sid:83113281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/uesseinatsactumteib"; depth:23; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250182/; classtype:trojan-activity;sid:83113282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/ruuspnrtqeraateaa"; depth:21; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250175/; classtype:trojan-activity;sid:83113275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ite/urntenoent"; depth:15; endswith; nocase; http.host; content:"iuvhb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250176/; classtype:trojan-activity;sid:83113276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eri/isietn"; depth:11; endswith; nocase; http.host; content:"phiniteng.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250177/; classtype:trojan-activity;sid:83113277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/eiqcuerixtutape"; depth:19; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250169/; classtype:trojan-activity;sid:83113269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vela/uieptsm"; depth:13; endswith; nocase; http.host; content:"uwtjm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250170/; classtype:trojan-activity;sid:83113270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/tifooicfsauils"; depth:19; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250171/; classtype:trojan-activity;sid:83113271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/titafuug"; depth:14; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250172/; classtype:trojan-activity;sid:83113272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/etta"; depth:8; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250173/; classtype:trojan-activity;sid:83113273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ruspmemrui"; depth:14; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250174/; classtype:trojan-activity;sid:83113274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/imndcmusosiu"; depth:16; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250166/; classtype:trojan-activity;sid:83113266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/iutoiqd"; depth:11; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250167/; classtype:trojan-activity;sid:83113267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saae/natimiemma"; depth:16; endswith; nocase; http.host; content:"igitangsel.or.id"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250168/; classtype:trojan-activity;sid:83113268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/vbealrelo"; depth:13; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250160/; classtype:trojan-activity;sid:83113260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sf/eistnmiiedlap"; depth:17; endswith; nocase; http.host; content:"xyahp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250161/; classtype:trojan-activity;sid:83113261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/nlpeentirluiacdt"; depth:22; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250162/; classtype:trojan-activity;sid:83113262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nll/atvietlueidictp"; depth:20; endswith; nocase; http.host; content:"plumberpages.com.au"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250163/; classtype:trojan-activity;sid:83113263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rreo/miomaalsinetsim"; depth:21; endswith; nocase; http.host; content:"sujaypaul.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250164/; classtype:trojan-activity;sid:83113264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/pardntrusaea"; depth:16; endswith; nocase; http.host; content:"rotaryale.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250165/; classtype:trojan-activity;sid:83113265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur/oonindm"; depth:11; endswith; nocase; http.host; content:"meghapure.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250155/; classtype:trojan-activity;sid:83113255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te/etesnitssbtiucae"; depth:20; endswith; nocase; http.host; content:"rozcat.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250156/; classtype:trojan-activity;sid:83113256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/tciaacmluhiisunn"; depth:22; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250157/; classtype:trojan-activity;sid:83113257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns/dinattpumusidaceesa"; depth:23; endswith; nocase; http.host; content:"onesoftgaming.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250158/; classtype:trojan-activity;sid:83113258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ai/umiesicstbanesnsiot"; depth:23; endswith; nocase; http.host; content:"klynworkhungary.hu"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250159/; classtype:trojan-activity;sid:83113259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/ceuuutrotnsqa"; depth:17; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250154/; classtype:trojan-activity;sid:83113254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ule/ouaoltdr"; depth:13; endswith; nocase; http.host; content:"pwpze.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250150/; classtype:trojan-activity;sid:83113250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edmt/ltenhii"; depth:13; endswith; nocase; http.host; content:"zcikz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250151/; classtype:trojan-activity;sid:83113251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uume/rsioateuul"; depth:16; endswith; nocase; http.host; content:"raymondrealtythane.co"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250152/; classtype:trojan-activity;sid:83113252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/qatiuu"; depth:12; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250153/; classtype:trojan-activity;sid:83113253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/smsitpeiiomspud"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250145/; classtype:trojan-activity;sid:83113245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/acfoiiqiufa"; depth:17; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250146/; classtype:trojan-activity;sid:83113246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/ietmosuampberru"; depth:21; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250147/; classtype:trojan-activity;sid:83113247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saud/lorsunotd"; depth:15; endswith; nocase; http.host; content:"grmwo.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250148/; classtype:trojan-activity;sid:83113248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/ieudminasrrihec"; depth:19; endswith; nocase; http.host; content:"whiaq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250149/; classtype:trojan-activity;sid:83113249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna/uaucpmahlr"; depth:16; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250139/; classtype:trojan-activity;sid:83113239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iic/neetaaib"; depth:13; endswith; nocase; http.host; content:"newhorizonacademy.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250140/; classtype:trojan-activity;sid:83113240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna/utlobier"; depth:14; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250141/; classtype:trojan-activity;sid:83113241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/oorpsreo"; depth:12; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250142/; classtype:trojan-activity;sid:83113242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snpt/tveores"; depth:13; endswith; nocase; http.host; content:"mtsalmanar.sch.id"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250143/; classtype:trojan-activity;sid:83113243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/urratemu"; depth:12; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250144/; classtype:trojan-activity;sid:83113244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/imoomodces"; depth:16; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250135/; classtype:trojan-activity;sid:83113235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/strpooicer"; depth:14; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250136/; classtype:trojan-activity;sid:83113236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur/smirobnilaao"; depth:16; endswith; nocase; http.host; content:"meghapure.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250137/; classtype:trojan-activity;sid:83113237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/otilcrphuiirn"; depth:19; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250138/; classtype:trojan-activity;sid:83113238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/nhamnlii"; depth:13; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250133/; classtype:trojan-activity;sid:83113233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/eolvdnretnmruioo"; depth:20; endswith; nocase; http.host; content:"gcpgp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250134/; classtype:trojan-activity;sid:83113234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/nsuqiii"; depth:13; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250131/; classtype:trojan-activity;sid:83113231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/laadmaiueunlpder"; depth:20; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250132/; classtype:trojan-activity;sid:83113232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oui/tisipnaiicds"; depth:17; endswith; nocase; http.host; content:"rrkhf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250129/; classtype:trojan-activity;sid:83113229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/esorteslod"; depth:16; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250130/; classtype:trojan-activity;sid:83113230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/tpmsvuaulloil"; depth:18; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250125/; classtype:trojan-activity;sid:83113225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/nseoi"; depth:11; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250126/; classtype:trojan-activity;sid:83113226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/limiiuesiqnsi"; depth:17; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250127/; classtype:trojan-activity;sid:83113227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/tisunbtnesonseica"; depth:21; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250128/; classtype:trojan-activity;sid:83113228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rio/oispvnumuastl"; depth:18; endswith; nocase; http.host; content:"expoart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250120/; classtype:trojan-activity;sid:83113220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/mtatniuerepes"; depth:18; endswith; nocase; http.host; content:"uniquebusiness1.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250121/; classtype:trojan-activity;sid:83113221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmuo/letdidsinee"; depth:17; endswith; nocase; http.host; content:"m3mgurugramproperties.in"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250122/; classtype:trojan-activity;sid:83113222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/indietirscuermnseaeip"; depth:27; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250123/; classtype:trojan-activity;sid:83113223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/svneodsiilgmsi"; depth:18; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250124/; classtype:trojan-activity;sid:83113224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/tneimluvis"; depth:16; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250115/; classtype:trojan-activity;sid:83113215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eote/ehnrtdetieeesripr"; depth:23; endswith; nocase; http.host; content:"fxtradeoption24.co.za"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250116/; classtype:trojan-activity;sid:83113216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taiu/ltmtioomllpiautaev"; depth:24; endswith; nocase; http.host; content:"hardip.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250117/; classtype:trojan-activity;sid:83113217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/gdbsainqmmiuau"; depth:20; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250118/; classtype:trojan-activity;sid:83113218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/turceiunnqusouq"; depth:19; endswith; nocase; http.host; content:"prestige-finsbury-park.co"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250119/; classtype:trojan-activity;sid:83113219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pss/utte"; depth:9; endswith; nocase; http.host; content:"urtku.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250112/; classtype:trojan-activity;sid:83113212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iac/suaasdiidlnoeemrapte"; depth:25; endswith; nocase; http.host; content:"xfamn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250113/; classtype:trojan-activity;sid:83113213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/conutriiondpr"; depth:17; endswith; nocase; http.host; content:"ifyzt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250114/; classtype:trojan-activity;sid:83113214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/etetpnesearu"; depth:18; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250109/; classtype:trojan-activity;sid:83113209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhs/futcrrpeeaiexce"; depth:20; endswith; nocase; http.host; content:"turkmenulastirma.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250110/; classtype:trojan-activity;sid:83113210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/leotmisauet"; depth:16; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250111/; classtype:trojan-activity;sid:83113211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm/ueaomvspqtlotu"; depth:18; endswith; nocase; http.host; content:"grupogolfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250105/; classtype:trojan-activity;sid:83113205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip/atet"; depth:8; endswith; nocase; http.host; content:"whizzo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250106/; classtype:trojan-activity;sid:83113206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur/ietnataor"; depth:13; endswith; nocase; http.host; content:"meghapure.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250107/; classtype:trojan-activity;sid:83113207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/tuocpsrsleidsoi"; depth:20; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250108/; classtype:trojan-activity;sid:83113208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/vevrninleioett"; depth:18; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250103/; classtype:trojan-activity;sid:83113203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/onurqmsitu"; depth:14; endswith; nocase; http.host; content:"mdpcd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250104/; classtype:trojan-activity;sid:83113204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/neisepurdtfsorei"; depth:20; endswith; nocase; http.host; content:"rooferknoxville.net"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250100/; classtype:trojan-activity;sid:83113200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easa/dauissubdmuicmqu"; depth:22; endswith; nocase; http.host; content:"uyoey.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250101/; classtype:trojan-activity;sid:83113201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/squiqauutm"; depth:14; endswith; nocase; http.host; content:"thenxtcapital.co.in"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250102/; classtype:trojan-activity;sid:83113202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec/saeeoilemta"; depth:15; endswith; nocase; http.host; content:"pwgzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250096/; classtype:trojan-activity;sid:83113196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vee/aivudtopsetacimlip"; depth:23; endswith; nocase; http.host; content:"ygisf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250097/; classtype:trojan-activity;sid:83113197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uise/iusamqcausuc"; depth:18; endswith; nocase; http.host; content:"hchxs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250098/; classtype:trojan-activity;sid:83113198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msn/tiueq"; depth:10; endswith; nocase; http.host; content:"jorgeolivaycia.cl"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250099/; classtype:trojan-activity;sid:83113199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm/uensnirmopeasitm"; depth:20; endswith; nocase; http.host; content:"grupogolfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250095/; classtype:trojan-activity;sid:83113195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/aiamniuftmgi"; depth:16; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250092/; classtype:trojan-activity;sid:83113192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae/rauetecmerotmeixnri"; depth:23; endswith; nocase; http.host; content:"lemhs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250093/; classtype:trojan-activity;sid:83113193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muo/ursrumsmspoei"; depth:18; endswith; nocase; http.host; content:"mybizwallet.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250094/; classtype:trojan-activity;sid:83113194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntus/intis"; depth:11; endswith; nocase; http.host; content:"upnyt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250085/; classtype:trojan-activity;sid:83113185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/pruaeiamants"; depth:16; endswith; nocase; http.host; content:"rooferknoxville.net"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250086/; classtype:trojan-activity;sid:83113186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiic/dnlitsauimanumu"; depth:21; endswith; nocase; http.host; content:"fxtradeoption24.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250087/; classtype:trojan-activity;sid:83113187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pss/ardme"; depth:10; endswith; nocase; http.host; content:"urtku.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250088/; classtype:trojan-activity;sid:83113188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsda/ratsupirita"; depth:17; endswith; nocase; http.host; content:"ldjab.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250089/; classtype:trojan-activity;sid:83113189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovtl/uinamisccatun"; depth:19; endswith; nocase; http.host; content:"tphoz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250090/; classtype:trojan-activity;sid:83113190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hu/umiiqain"; depth:12; endswith; nocase; http.host; content:"m3mgurugram.co"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250091/; classtype:trojan-activity;sid:83113191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/nissmaoormei"; depth:16; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250084/; classtype:trojan-activity;sid:83113184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmm/eltmpecptaroae"; depth:19; endswith; nocase; http.host; content:"thebirlaniyaaraworli.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250083/; classtype:trojan-activity;sid:83113183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tim/neidrprodpuraeoa"; depth:21; endswith; nocase; http.host; content:"gkehu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250078/; classtype:trojan-activity;sid:83113178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/eunastt"; depth:13; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250079/; classtype:trojan-activity;sid:83113179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iemn/lduinimaatsuqu"; depth:20; endswith; nocase; http.host; content:"menuwiz.com.au"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250080/; classtype:trojan-activity;sid:83113180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/iqute"; depth:9; endswith; nocase; http.host; content:"thebrigade-eldorado.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250081/; classtype:trojan-activity;sid:83113181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saae/ildnqtibusiado"; depth:20; endswith; nocase; http.host; content:"igitangsel.or.id"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250082/; classtype:trojan-activity;sid:83113182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us/eaiuimtdtp"; depth:14; endswith; nocase; http.host; content:"bmrl.in"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250077/; classtype:trojan-activity;sid:83113177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/tcoeidltoprduaie"; depth:20; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250073/; classtype:trojan-activity;sid:83113173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/recoieplurexotds"; depth:20; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250074/; classtype:trojan-activity;sid:83113174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo/qiitusa"; depth:11; endswith; nocase; http.host; content:"grandaffairs.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250075/; classtype:trojan-activity;sid:83113175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ini/nmalruoeobm"; depth:16; endswith; nocase; http.host; content:"rayzonlimited.co.ke"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250076/; classtype:trojan-activity;sid:83113176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/iuauamlqiq"; depth:16; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250070/; classtype:trojan-activity;sid:83113170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rir/rqauettae"; depth:14; endswith; nocase; http.host; content:"iymuy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250071/; classtype:trojan-activity;sid:83113171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/ieeliessuaqpmi"; depth:18; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250072/; classtype:trojan-activity;sid:83113172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip/eonetrivinuq"; depth:16; endswith; nocase; http.host; content:"whizzo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250067/; classtype:trojan-activity;sid:83113167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iac/oumrrthiaenvne"; depth:19; endswith; nocase; http.host; content:"xfamn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250068/; classtype:trojan-activity;sid:83113168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/tiedteinle"; depth:14; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250069/; classtype:trojan-activity;sid:83113169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/tsuiuaqqims"; depth:15; endswith; nocase; http.host; content:"pvocl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250066/; classtype:trojan-activity;sid:83113166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/nnormtuons"; depth:14; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250064/; classtype:trojan-activity;sid:83113164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rio/scopoirert"; depth:15; endswith; nocase; http.host; content:"expoart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250065/; classtype:trojan-activity;sid:83113165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aos/aoscutipdnsvioittl"; depth:23; endswith; nocase; http.host; content:"thecleocounty.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250063/; classtype:trojan-activity;sid:83113163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/mdeisteidp"; depth:14; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250059/; classtype:trojan-activity;sid:83113159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/eudtexncneeirmoait"; depth:24; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250060/; classtype:trojan-activity;sid:83113160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/rlatopsevlsoduo"; depth:19; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250061/; classtype:trojan-activity;sid:83113161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/ounoipmsit"; depth:14; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250062/; classtype:trojan-activity;sid:83113162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aos/adleesttuuc"; depth:16; endswith; nocase; http.host; content:"thecleocounty.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250058/; classtype:trojan-activity;sid:83113158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/rluieiqbo"; depth:13; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250054/; classtype:trojan-activity;sid:83113154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eot/eeeaiiispvcntrsetip"; depth:24; endswith; nocase; http.host; content:"nutriselfagro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250055/; classtype:trojan-activity;sid:83113155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/doodorilt"; depth:13; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250056/; classtype:trojan-activity;sid:83113156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/do/cnetertuum"; depth:14; endswith; nocase; http.host; content:"theprestigecitybanglore.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250057/; classtype:trojan-activity;sid:83113157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec/axobceotmltpia"; depth:18; endswith; nocase; http.host; content:"pwgzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250052/; classtype:trojan-activity;sid:83113152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/orupcetrrxriee"; depth:18; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250053/; classtype:trojan-activity;sid:83113153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um/pdidetexoiao"; depth:16; endswith; nocase; http.host; content:"knightplumbingphoenix.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250050/; classtype:trojan-activity;sid:83113150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/tesseo"; depth:12; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250051/; classtype:trojan-activity;sid:83113151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oae/hecit"; depth:10; endswith; nocase; http.host; content:"sqqlm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250044/; classtype:trojan-activity;sid:83113144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/lntlauua"; depth:12; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250045/; classtype:trojan-activity;sid:83113145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsdr/siiumlosaeqt"; depth:18; endswith; nocase; http.host; content:"mrhvh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250046/; classtype:trojan-activity;sid:83113146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/iuaatqu"; depth:11; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250047/; classtype:trojan-activity;sid:83113147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/osiirepuaiplodticbrss"; depth:26; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250048/; classtype:trojan-activity;sid:83113148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dpou/detiersenciis"; depth:19; endswith; nocase; http.host; content:"redempire7.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250049/; classtype:trojan-activity;sid:83113149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/eurtldoom"; depth:13; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250038/; classtype:trojan-activity;sid:83113138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ieeslrensdueltp"; depth:19; endswith; nocase; http.host; content:"glkwr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250039/; classtype:trojan-activity;sid:83113139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/eomadlproees"; depth:16; endswith; nocase; http.host; content:"strikevpn.ml"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250040/; classtype:trojan-activity;sid:83113140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/lsbaoonbrie"; depth:15; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250041/; classtype:trojan-activity;sid:83113141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovtl/luqvtpeeoutmaa"; depth:20; endswith; nocase; http.host; content:"tphoz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250042/; classtype:trojan-activity;sid:83113142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/velvesuptltoa"; depth:17; endswith; nocase; http.host; content:"whiaq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250043/; classtype:trojan-activity;sid:83113143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/emmmoxssaalitie"; depth:19; endswith; nocase; http.host; content:"pvocl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250035/; classtype:trojan-activity;sid:83113135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irmc/errtmue"; depth:13; endswith; nocase; http.host; content:"tvglj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250036/; classtype:trojan-activity;sid:83113136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/amaicpsupl"; depth:14; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250037/; classtype:trojan-activity;sid:83113137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asiq/vteetpnevtinuaolor"; depth:24; endswith; nocase; http.host; content:"imzpn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250030/; classtype:trojan-activity;sid:83113130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/mdsnsuoibicu"; depth:16; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250031/; classtype:trojan-activity;sid:83113131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/estarntequu"; depth:15; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250032/; classtype:trojan-activity;sid:83113132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/mnseodsi"; depth:12; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250033/; classtype:trojan-activity;sid:83113133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cts/auqllmamu"; depth:14; endswith; nocase; http.host; content:"innovative23.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250034/; classtype:trojan-activity;sid:83113134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/nviteiene"; depth:15; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250028/; classtype:trojan-activity;sid:83113128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/tsiacatuuqidiep"; depth:19; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250029/; classtype:trojan-activity;sid:83113129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irmc/eliuertaselp"; depth:18; endswith; nocase; http.host; content:"tvglj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250024/; classtype:trojan-activity;sid:83113124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/etpletaovmtu"; depth:18; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250025/; classtype:trojan-activity;sid:83113125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et/luimtafogease"; depth:17; endswith; nocase; http.host; content:"rsmzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250026/; classtype:trojan-activity;sid:83113126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiic/tsesde"; depth:12; endswith; nocase; http.host; content:"fxtradeoption24.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250027/; classtype:trojan-activity;sid:83113127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec/miiuosocpdmm"; depth:16; endswith; nocase; http.host; content:"pwgzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250020/; classtype:trojan-activity;sid:83113120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/stminoen"; depth:12; endswith; nocase; http.host; content:"thebrigade-eldorado.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250021/; classtype:trojan-activity;sid:83113121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qud/eitendltie"; depth:15; endswith; nocase; http.host; content:"rmspices.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250022/; classtype:trojan-activity;sid:83113122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dea/udmqiqieu"; depth:14; endswith; nocase; http.host; content:"ritaprakashmanikarnika.in"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250023/; classtype:trojan-activity;sid:83113123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/qioutaieanr"; depth:15; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250017/; classtype:trojan-activity;sid:83113117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/opaotuqrre"; depth:14; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250018/; classtype:trojan-activity;sid:83113118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vee/euarmsth"; depth:13; endswith; nocase; http.host; content:"ygisf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250019/; classtype:trojan-activity;sid:83113119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ule/iuicdntnet"; depth:15; endswith; nocase; http.host; content:"pwpze.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250011/; classtype:trojan-activity;sid:83113111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/btiiadfusguolro"; depth:19; endswith; nocase; http.host; content:"strikevpn.ml"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250012/; classtype:trojan-activity;sid:83113112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/rretvuielm"; depth:14; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250013/; classtype:trojan-activity;sid:83113113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uume/iqseultmaa"; depth:16; endswith; nocase; http.host; content:"raymondrealtythane.co"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250014/; classtype:trojan-activity;sid:83113114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vup/aenscouprluucaqt"; depth:21; endswith; nocase; http.host; content:"prestigejindalcitybangalore.com"; depth:31; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250015/; classtype:trojan-activity;sid:83113115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/nqataorsnuusecut"; depth:20; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250016/; classtype:trojan-activity;sid:83113116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/rcapsuesuentmitroubqo"; depth:26; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250006/; classtype:trojan-activity;sid:83113106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oui/pcreiesutosncat"; depth:20; endswith; nocase; http.host; content:"rrkhf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250007/; classtype:trojan-activity;sid:83113107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/qluisve"; depth:12; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250008/; classtype:trojan-activity;sid:83113108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iac/npnoomvrtsedtiru"; depth:21; endswith; nocase; http.host; content:"xfamn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250009/; classtype:trojan-activity;sid:83113109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur/mqrelounodie"; depth:16; endswith; nocase; http.host; content:"meghapure.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250010/; classtype:trojan-activity;sid:83113110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/neumsont"; depth:13; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250000/; classtype:trojan-activity;sid:83113100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/uqnoriaeti"; depth:14; endswith; nocase; http.host; content:"goayurvedaindia.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250001/; classtype:trojan-activity;sid:83113101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/ansieamrumepnt"; depth:18; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250002/; classtype:trojan-activity;sid:83113102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/atunsaederupdni"; depth:19; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250003/; classtype:trojan-activity;sid:83113103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/ttosmautn"; depth:13; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250004/; classtype:trojan-activity;sid:83113104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dea/onidocsearedua"; depth:19; endswith; nocase; http.host; content:"ritaprakashmanikarnika.in"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2250005/; classtype:trojan-activity;sid:83113105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/lpdioosemasr"; depth:16; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249998/; classtype:trojan-activity;sid:83113098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/utqeeabai"; depth:13; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249999/; classtype:trojan-activity;sid:83113099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/riiiiielscdmeenusiq"; depth:23; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249996/; classtype:trojan-activity;sid:83113096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/equaoacceaitc"; depth:17; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249997/; classtype:trojan-activity;sid:83113097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/nsteetucin"; depth:14; endswith; nocase; http.host; content:"prestige-finsbury-park.co"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249992/; classtype:trojan-activity;sid:83113092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/mlilliinuh"; depth:14; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249993/; classtype:trojan-activity;sid:83113093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/nismneomo"; depth:15; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249994/; classtype:trojan-activity;sid:83113094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qei/iqasmtue"; depth:13; endswith; nocase; http.host; content:"merbleuedakar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249995/; classtype:trojan-activity;sid:83113095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/ismasqpaquui"; depth:16; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249989/; classtype:trojan-activity;sid:83113089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/emento"; depth:10; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249990/; classtype:trojan-activity;sid:83113090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/sempmouritospse"; depth:19; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249991/; classtype:trojan-activity;sid:83113091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/retirusm"; depth:14; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249983/; classtype:trojan-activity;sid:83113083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/smdqoeluior"; depth:15; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249984/; classtype:trojan-activity;sid:83113084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/tcbaiseuquiinmld"; depth:22; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249985/; classtype:trojan-activity;sid:83113085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/eprniedomttva"; depth:17; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249986/; classtype:trojan-activity;sid:83113086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ansestdiaaeuommsel"; depth:22; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249987/; classtype:trojan-activity;sid:83113087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co/itaunts"; depth:11; endswith; nocase; http.host; content:"shrutex.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249988/; classtype:trojan-activity;sid:83113088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eint/ciiaquh"; depth:13; endswith; nocase; http.host; content:"mybusinessvisit.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249978/; classtype:trojan-activity;sid:83113078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sorp/uiupovtsposmatlesm"; depth:24; endswith; nocase; http.host; content:"pti-aast.org"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249979/; classtype:trojan-activity;sid:83113079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eri/lrquoeuednoedm"; depth:19; endswith; nocase; http.host; content:"phiniteng.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249980/; classtype:trojan-activity;sid:83113080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/imsiarecoh"; depth:14; endswith; nocase; http.host; content:"thenxtcapital.co.in"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249981/; classtype:trojan-activity;sid:83113081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa/roitserr"; depth:12; endswith; nocase; http.host; content:"sayanoida131.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249982/; classtype:trojan-activity;sid:83113082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/icitsesasutsebntin"; depth:23; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249976/; classtype:trojan-activity;sid:83113076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/au/miubedqa"; depth:12; endswith; nocase; http.host; content:"signaturefloorsgurgaon.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249977/; classtype:trojan-activity;sid:83113077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeu/imniucusmtaacnai"; depth:21; endswith; nocase; http.host; content:"mailinstantly.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249970/; classtype:trojan-activity;sid:83113070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/teet"; depth:8; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249971/; classtype:trojan-activity;sid:83113071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ct/prmaaote"; depth:12; endswith; nocase; http.host; content:"ozqnb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249972/; classtype:trojan-activity;sid:83113072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ule/apmteqineeusuenr"; depth:21; endswith; nocase; http.host; content:"pwpze.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249973/; classtype:trojan-activity;sid:83113073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qiu/uuitaq"; depth:11; endswith; nocase; http.host; content:"sunraysaunas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249974/; classtype:trojan-activity;sid:83113074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iic/acume"; depth:10; endswith; nocase; http.host; content:"newhorizonacademy.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249975/; classtype:trojan-activity;sid:83113075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/xeet"; depth:8; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249967/; classtype:trojan-activity;sid:83113067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vela/piivaluesrctta"; depth:20; endswith; nocase; http.host; content:"uwtjm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249968/; classtype:trojan-activity;sid:83113068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tis/itblsittaiesnavriid"; depth:24; endswith; nocase; http.host; content:"waapsols.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249969/; classtype:trojan-activity;sid:83113069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/ruqsretuunedncetosa"; depth:24; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249966/; classtype:trojan-activity;sid:83113066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/capiudioisqs"; depth:18; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249963/; classtype:trojan-activity;sid:83113063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/evuoutpatltqea"; depth:18; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249964/; classtype:trojan-activity;sid:83113064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/pometlmetvltuaapuovt"; depth:26; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249965/; classtype:trojan-activity;sid:83113065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/prtoero"; depth:11; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249961/; classtype:trojan-activity;sid:83113061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen/aitsuuqans"; depth:15; endswith; nocase; http.host; content:"npmohadi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249962/; classtype:trojan-activity;sid:83113062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/oriusrreq"; depth:13; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249958/; classtype:trojan-activity;sid:83113058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/onnuatruqescno"; depth:19; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249959/; classtype:trojan-activity;sid:83113059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/"; depth:4; endswith; nocase; http.host; content:"thebrigade-eldorado.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249960/; classtype:trojan-activity;sid:83113060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/iesivttl"; depth:12; endswith; nocase; http.host; content:"lazzatedilli.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249955/; classtype:trojan-activity;sid:83113055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/nteiasmi"; depth:12; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249956/; classtype:trojan-activity;sid:83113056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/meeipesrmxinaautm"; depth:21; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249957/; classtype:trojan-activity;sid:83113057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uise/itseeu"; depth:12; endswith; nocase; http.host; content:"hchxs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249953/; classtype:trojan-activity;sid:83113053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iti/pultmtuaovet"; depth:17; endswith; nocase; http.host; content:"wiseinvesting.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249954/; classtype:trojan-activity;sid:83113054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/patiirpdnutesutcmeeai"; depth:25; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249948/; classtype:trojan-activity;sid:83113048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eet/tnluluaa"; depth:13; endswith; nocase; http.host; content:"kafarooqui.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249949/; classtype:trojan-activity;sid:83113049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo/tdisoti"; depth:11; endswith; nocase; http.host; content:"grandaffairs.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249950/; classtype:trojan-activity;sid:83113050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uume/lmlumluaaaiq"; depth:18; endswith; nocase; http.host; content:"raymondrealtythane.co"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249951/; classtype:trojan-activity;sid:83113051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/ufmtotlevptuagi"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249952/; classtype:trojan-activity;sid:83113052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhs/ncstuouqariiens"; depth:20; endswith; nocase; http.host; content:"turkmenulastirma.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249945/; classtype:trojan-activity;sid:83113045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/oemnesd"; depth:13; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249946/; classtype:trojan-activity;sid:83113046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/dasneiabuuqmmiv"; depth:21; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249947/; classtype:trojan-activity;sid:83113047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asiq/mtsqceiupuarsnoa"; depth:22; endswith; nocase; http.host; content:"imzpn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249944/; classtype:trojan-activity;sid:83113044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pss/fegosua"; depth:12; endswith; nocase; http.host; content:"urtku.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249936/; classtype:trojan-activity;sid:83113036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctpt/povmtattelue"; depth:18; endswith; nocase; http.host; content:"instantreplys.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249937/; classtype:trojan-activity;sid:83113037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/oeseeetnvi"; depth:14; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249938/; classtype:trojan-activity;sid:83113038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn/eriepesfesnrtdi"; depth:19; endswith; nocase; http.host; content:"povef.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249939/; classtype:trojan-activity;sid:83113039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/nqncntronuosueu"; depth:19; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249940/; classtype:trojan-activity;sid:83113040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/uarfiicmrofe"; depth:16; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249941/; classtype:trojan-activity;sid:83113041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/inithlu"; depth:12; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249942/; classtype:trojan-activity;sid:83113042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ausu/angteebamama"; depth:18; endswith; nocase; http.host; content:"restorecoinwallets.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249943/; classtype:trojan-activity;sid:83113043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mn/rtpsituraea"; depth:15; endswith; nocase; http.host; content:"tochid.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249930/; classtype:trojan-activity;sid:83113030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen/dcnitrccseuetoaae"; depth:22; endswith; nocase; http.host; content:"npmohadi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249931/; classtype:trojan-activity;sid:83113031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dea/nnadaumegm"; depth:15; endswith; nocase; http.host; content:"ritaprakashmanikarnika.in"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249932/; classtype:trojan-activity;sid:83113032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna/ovopmclafutsiftiui"; depth:24; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249933/; classtype:trojan-activity;sid:83113033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/ouqusnt"; depth:12; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249934/; classtype:trojan-activity;sid:83113034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/lapamrtliriuu"; depth:19; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249935/; classtype:trojan-activity;sid:83113035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/uidiqs"; depth:12; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249927/; classtype:trojan-activity;sid:83113027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/dtuesmcnlraouteevaap"; depth:24; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249928/; classtype:trojan-activity;sid:83113028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna"; depth:5; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249929/; classtype:trojan-activity;sid:83113029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/miqmmuanangu"; depth:17; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249923/; classtype:trojan-activity;sid:83113023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mra/tetame"; depth:11; endswith; nocase; http.host; content:"tkdxi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249924/; classtype:trojan-activity;sid:83113024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsdr/alipttoaeuvoetmnr"; depth:23; endswith; nocase; http.host; content:"mrhvh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249925/; classtype:trojan-activity;sid:83113025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/aiparessqeuiro"; depth:20; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249926/; classtype:trojan-activity;sid:83113026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/miamanniive"; depth:17; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249919/; classtype:trojan-activity;sid:83113019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oeis/ieqxu"; depth:11; endswith; nocase; http.host; content:"sipitours.in"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249920/; classtype:trojan-activity;sid:83113020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as/spreipdraerethsrerneeoi"; depth:27; endswith; nocase; http.host; content:"groupazanero.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249921/; classtype:trojan-activity;sid:83113021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/osettaom"; depth:13; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249922/; classtype:trojan-activity;sid:83113022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/otopdoiit"; depth:13; endswith; nocase; http.host; content:"whiaq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249915/; classtype:trojan-activity;sid:83113015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afdu/oihpltsnpeeurvteedarr"; depth:27; endswith; nocase; http.host; content:"mnkuq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249916/; classtype:trojan-activity;sid:83113016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sa/elqetpaulor"; depth:15; endswith; nocase; http.host; content:"techcris.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249917/; classtype:trojan-activity;sid:83113017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uprm/olploumvertutoad"; depth:22; endswith; nocase; http.host; content:"gvxai.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249918/; classtype:trojan-activity;sid:83113018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/iiodltemv"; depth:13; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249913/; classtype:trojan-activity;sid:83113013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abit/ndlsoumrtio"; depth:17; endswith; nocase; http.host; content:"kenol.com.ng"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249914/; classtype:trojan-activity;sid:83113014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/onseno"; depth:11; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249910/; classtype:trojan-activity;sid:83113010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eet/somuainspsm"; depth:16; endswith; nocase; http.host; content:"kafarooqui.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249911/; classtype:trojan-activity;sid:83113011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/nttbcteusiseauis"; depth:21; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249912/; classtype:trojan-activity;sid:83113012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ele/iefcmoufai"; depth:15; endswith; nocase; http.host; content:"mistfanindia.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249907/; classtype:trojan-activity;sid:83113007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmi/iqusnisi"; depth:13; endswith; nocase; http.host; content:"rapidnews13.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249908/; classtype:trojan-activity;sid:83113008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saae/intdolncisieetitdi"; depth:24; endswith; nocase; http.host; content:"igitangsel.or.id"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249909/; classtype:trojan-activity;sid:83113009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/autellns"; depth:12; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249903/; classtype:trojan-activity;sid:83113003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eot/tide"; depth:9; endswith; nocase; http.host; content:"nutriselfagro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249904/; classtype:trojan-activity;sid:83113004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgiu/direeicsiutn"; depth:18; endswith; nocase; http.host; content:"thebankompany.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249905/; classtype:trojan-activity;sid:83113005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cts/ocodslorriopr"; depth:18; endswith; nocase; http.host; content:"innovative23.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249906/; classtype:trojan-activity;sid:83113006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/quiuta"; depth:12; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249899/; classtype:trojan-activity;sid:83112999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te/enpmssimiaaoirer"; depth:20; endswith; nocase; http.host; content:"rozcat.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249900/; classtype:trojan-activity;sid:83113000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiic/oapvomutltruleod"; depth:22; endswith; nocase; http.host; content:"fxtradeoption24.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249901/; classtype:trojan-activity;sid:83113001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/mieeetesirtcatnxo"; depth:23; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249902/; classtype:trojan-activity;sid:83113002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enqs/stevnul"; depth:13; endswith; nocase; http.host; content:"fastelectroshop.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249897/; classtype:trojan-activity;sid:83112997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enqs/amciilltdu"; depth:16; endswith; nocase; http.host; content:"fastelectroshop.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249898/; classtype:trojan-activity;sid:83112998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/taee"; depth:10; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249885/; classtype:trojan-activity;sid:83112985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/mdatuoi"; depth:11; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249886/; classtype:trojan-activity;sid:83112986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/oierevts"; depth:14; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249887/; classtype:trojan-activity;sid:83112987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/eiqmpditeuat"; depth:16; endswith; nocase; http.host; content:"whiaq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249888/; classtype:trojan-activity;sid:83112988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ite/itioaloimdol"; depth:17; endswith; nocase; http.host; content:"iuvhb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249889/; classtype:trojan-activity;sid:83112989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/ceienndisiri"; depth:18; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249890/; classtype:trojan-activity;sid:83112990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oeis/etin"; depth:10; endswith; nocase; http.host; content:"sipitours.in"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249891/; classtype:trojan-activity;sid:83112991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/iuqolol"; depth:11; endswith; nocase; http.host; content:"rotaryale.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249892/; classtype:trojan-activity;sid:83112992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/louanlill"; depth:15; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249893/; classtype:trojan-activity;sid:83112993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/isquiet"; depth:11; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249894/; classtype:trojan-activity;sid:83112994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/mscientuuinns"; depth:17; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249895/; classtype:trojan-activity;sid:83112995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tis/qtuaetiu"; depth:13; endswith; nocase; http.host; content:"waapsols.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249896/; classtype:trojan-activity;sid:83112996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/eumvel"; depth:11; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249878/; classtype:trojan-activity;sid:83112978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/ixuaqe"; depth:10; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249879/; classtype:trojan-activity;sid:83112979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/aduqtou"; depth:12; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249880/; classtype:trojan-activity;sid:83112980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/tesltvei"; depth:12; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249881/; classtype:trojan-activity;sid:83112981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmc/odneqduu"; depth:13; endswith; nocase; http.host; content:"lymqe.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249882/; classtype:trojan-activity;sid:83112982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/imiuuuqsqqa"; depth:17; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249883/; classtype:trojan-activity;sid:83112983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/ausfqiug"; depth:12; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249884/; classtype:trojan-activity;sid:83112984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lvqe/snouidtsmaapeo"; depth:20; endswith; nocase; http.host; content:"supraseg.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249877/; classtype:trojan-activity;sid:83112977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qnri/nisiest"; depth:13; endswith; nocase; http.host; content:"mezouar.net"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249876/; classtype:trojan-activity;sid:83112976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nssu/apauederspmtssisiican"; depth:27; endswith; nocase; http.host; content:"dharmipatel.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249875/; classtype:trojan-activity;sid:83112975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nssu/sncpiitsiu"; depth:16; endswith; nocase; http.host; content:"dharmipatel.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249874/; classtype:trojan-activity;sid:83112974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/ooriprd"; depth:13; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249873/; classtype:trojan-activity;sid:83112973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeu/imniucusmtaacnai"; depth:21; endswith; nocase; http.host; content:"mailinstantly.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249871/; classtype:trojan-activity;sid:83112971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntus/ortunonmsn"; depth:16; endswith; nocase; http.host; content:"upnyt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249872/; classtype:trojan-activity;sid:83112972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ood/uunsaaaeisqdm"; depth:18; endswith; nocase; http.host; content:"araceliescobarchavez.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249868/; classtype:trojan-activity;sid:83112968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imev/oaumiucaeccsacacts"; depth:24; endswith; nocase; http.host; content:"xgsol.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249869/; classtype:trojan-activity;sid:83112969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etes/ereorramuqnctusu"; depth:22; endswith; nocase; http.host; content:"rtyaj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249870/; classtype:trojan-activity;sid:83112970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oo/esotilil"; depth:12; endswith; nocase; http.host; content:"elhipopotamoamarillo.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249865/; classtype:trojan-activity;sid:83112965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa/roitserr"; depth:12; endswith; nocase; http.host; content:"sayanoida131.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249866/; classtype:trojan-activity;sid:83112966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rreo/amaucmiqul"; depth:16; endswith; nocase; http.host; content:"sujaypaul.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249867/; classtype:trojan-activity;sid:83112967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me/nuatviqeee"; depth:14; endswith; nocase; http.host; content:"diocesiat.it"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249859/; classtype:trojan-activity;sid:83112959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/aetnqasreeiptua"; depth:20; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249860/; classtype:trojan-activity;sid:83112960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip/eipoxsdlaoedert"; depth:19; endswith; nocase; http.host; content:"whizzo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249861/; classtype:trojan-activity;sid:83112961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/rvmspiusesoo"; depth:16; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249862/; classtype:trojan-activity;sid:83112962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/liiamaqlausa"; depth:18; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249863/; classtype:trojan-activity;sid:83112963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rreo/eplttpaetsnoeumaiv"; depth:24; endswith; nocase; http.host; content:"sujaypaul.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249864/; classtype:trojan-activity;sid:83112964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ood/utsouscuonevrpqtlaun"; depth:25; endswith; nocase; http.host; content:"araceliescobarchavez.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249858/; classtype:trojan-activity;sid:83112958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rio/llilaosia"; depth:14; endswith; nocase; http.host; content:"expoart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249855/; classtype:trojan-activity;sid:83112955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hu/sbeeiirvdto"; depth:15; endswith; nocase; http.host; content:"m3mgurugram.co"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249856/; classtype:trojan-activity;sid:83112956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snpt/tveores"; depth:13; endswith; nocase; http.host; content:"mtsalmanar.sch.id"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249857/; classtype:trojan-activity;sid:83112957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/qqeedueimua"; depth:17; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249852/; classtype:trojan-activity;sid:83112952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/bpeapotluvoisaclx"; depth:22; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249853/; classtype:trojan-activity;sid:83112953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irmc/iasoelteqmuene"; depth:20; endswith; nocase; http.host; content:"tvglj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249854/; classtype:trojan-activity;sid:83112954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/nimnghtrrirepaedee"; depth:22; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249850/; classtype:trojan-activity;sid:83112950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtuu/tlaosiud"; depth:14; endswith; nocase; http.host; content:"afrozaway.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249851/; classtype:trojan-activity;sid:83112951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/ruepraieosqsi"; depth:17; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249847/; classtype:trojan-activity;sid:83112947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna/mtarhua"; depth:13; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249848/; classtype:trojan-activity;sid:83112948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uume/muepsia"; depth:13; endswith; nocase; http.host; content:"raymondrealtythane.co"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249849/; classtype:trojan-activity;sid:83112949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/gdbsainqmmiuau"; depth:20; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249843/; classtype:trojan-activity;sid:83112943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/inigedauadeesnslm"; depth:22; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249844/; classtype:trojan-activity;sid:83112944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olu/icsvdrelaaeunet"; depth:20; endswith; nocase; http.host; content:"campaignlook.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249845/; classtype:trojan-activity;sid:83112945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnep/tiadoimcustilbrno"; depth:23; endswith; nocase; http.host; content:"beautybymaria.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249846/; classtype:trojan-activity;sid:83112946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nre/vsnteotntceuercrneio"; depth:25; endswith; nocase; http.host; content:"mpncj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249840/; classtype:trojan-activity;sid:83112940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa/atceefre"; depth:12; endswith; nocase; http.host; content:"sayanoida131.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249841/; classtype:trojan-activity;sid:83112941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/eocletqeuiusamm"; depth:21; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249842/; classtype:trojan-activity;sid:83112942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnep/etclaapsinepu"; depth:19; endswith; nocase; http.host; content:"beautybymaria.uk"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249837/; classtype:trojan-activity;sid:83112937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iris/sironnmosmut"; depth:18; endswith; nocase; http.host; content:"dpjlg.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249838/; classtype:trojan-activity;sid:83112938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/tutiusoiivpbdoasilcttn"; depth:26; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249839/; classtype:trojan-activity;sid:83112939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec/eosieamrt"; depth:13; endswith; nocase; http.host; content:"pwgzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249833/; classtype:trojan-activity;sid:83112933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oo/qmaieuus"; depth:12; endswith; nocase; http.host; content:"elhipopotamoamarillo.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249834/; classtype:trojan-activity;sid:83112934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/mdiciumooq"; depth:16; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249835/; classtype:trojan-activity;sid:83112935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/lqlaiiaeciuxopdb"; depth:20; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249836/; classtype:trojan-activity;sid:83112936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/qreatteua"; depth:13; endswith; nocase; http.host; content:"bibvc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249827/; classtype:trojan-activity;sid:83112927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen/esserucnatqoou"; depth:19; endswith; nocase; http.host; content:"npmohadi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249828/; classtype:trojan-activity;sid:83112928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ole/potatetuuvlm"; depth:17; endswith; nocase; http.host; content:"lnogx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249829/; classtype:trojan-activity;sid:83112929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erms/nteibos"; depth:13; endswith; nocase; http.host; content:"mohaliplots.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249830/; classtype:trojan-activity;sid:83112930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruue/mslauaapogtmnv"; depth:20; endswith; nocase; http.host; content:"yameb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249831/; classtype:trojan-activity;sid:83112931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/gnttemnruiea"; depth:16; endswith; nocase; http.host; content:"climatefinancenetwork.org"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249832/; classtype:trojan-activity;sid:83112932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba/txee"; depth:8; endswith; nocase; http.host; content:"dietchidjery.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249824/; classtype:trojan-activity;sid:83112924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/usrectusoqaoen"; depth:20; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249825/; classtype:trojan-activity;sid:83112925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu"; depth:3; endswith; nocase; http.host; content:"mdpcd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249826/; classtype:trojan-activity;sid:83112926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me/mubepsqrmiituileiso"; depth:23; endswith; nocase; http.host; content:"brandimprint.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249818/; classtype:trojan-activity;sid:83112918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rion/muuqei"; depth:12; endswith; nocase; http.host; content:"bhutaniprojectsnoida.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249819/; classtype:trojan-activity;sid:83112919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/tmelvptiuipasoidca"; depth:22; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249820/; classtype:trojan-activity;sid:83112920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/vasqureio"; depth:15; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249821/; classtype:trojan-activity;sid:83112921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/mreets"; depth:12; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249822/; classtype:trojan-activity;sid:83112922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um/iideedlitn"; depth:14; endswith; nocase; http.host; content:"knightplumbingphoenix.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249823/; classtype:trojan-activity;sid:83112923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/um/mroeitetiveetxecinaen"; depth:25; endswith; nocase; http.host; content:"knightplumbingphoenix.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249815/; classtype:trojan-activity;sid:83112915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau/uprocmtonirsi"; depth:18; endswith; nocase; http.host; content:"akscon.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249816/; classtype:trojan-activity;sid:83112916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc/isauiqp"; depth:11; endswith; nocase; http.host; content:"bestechscogurgaon.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249817/; classtype:trojan-activity;sid:83112917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/oeetvr"; depth:10; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249812/; classtype:trojan-activity;sid:83112912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/uafitget"; depth:13; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249813/; classtype:trojan-activity;sid:83112913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nll/atvietlueidictp"; depth:20; endswith; nocase; http.host; content:"plumberpages.com.au"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249814/; classtype:trojan-activity;sid:83112914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/siibntso"; depth:13; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249809/; classtype:trojan-activity;sid:83112909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me/aseoequ"; depth:11; endswith; nocase; http.host; content:"brandimprint.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249810/; classtype:trojan-activity;sid:83112910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rops/sunmdaaastue"; depth:18; endswith; nocase; http.host; content:"dasnacburj.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249811/; classtype:trojan-activity;sid:83112911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ood/lestaaectp"; depth:15; endswith; nocase; http.host; content:"araceliescobarchavez.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249800/; classtype:trojan-activity;sid:83112900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/etmiimnas"; depth:15; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249801/; classtype:trojan-activity;sid:83112901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/ruiiiisnscdeeq"; depth:18; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249802/; classtype:trojan-activity;sid:83112902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/eeeutnrta"; depth:13; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249803/; classtype:trojan-activity;sid:83112903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cu/fmsupgtiui"; depth:14; endswith; nocase; http.host; content:"vqvrk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249804/; classtype:trojan-activity;sid:83112904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utet/iaecxerbfeaolcp"; depth:21; endswith; nocase; http.host; content:"cwnuf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249805/; classtype:trojan-activity;sid:83112905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq"; depth:3; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249806/; classtype:trojan-activity;sid:83112906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/ounstnn"; depth:11; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249807/; classtype:trojan-activity;sid:83112907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqen/qtlasosmaeuis"; depth:19; endswith; nocase; http.host; content:"arenaanimationdelhi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249808/; classtype:trojan-activity;sid:83112908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/isgmaociffiin"; depth:17; endswith; nocase; http.host; content:"dishahearing.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249794/; classtype:trojan-activity;sid:83112894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etes/nsleidaitiab"; depth:18; endswith; nocase; http.host; content:"rtyaj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249795/; classtype:trojan-activity;sid:83112895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/eobsrleat"; depth:13; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249796/; classtype:trojan-activity;sid:83112896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne/isidprdcitnresoeitfne"; depth:25; endswith; nocase; http.host; content:"efken.co.ke"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249797/; classtype:trojan-activity;sid:83112897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/ensdetiiarviiritsec"; depth:25; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249798/; classtype:trojan-activity;sid:83112898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/dcimuidsu"; depth:15; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249799/; classtype:trojan-activity;sid:83112899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntus/oidloenr"; depth:14; endswith; nocase; http.host; content:"upnyt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249793/; classtype:trojan-activity;sid:83112893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tep/teondorcctuseoi"; depth:20; endswith; nocase; http.host; content:"exec200systems.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249791/; classtype:trojan-activity;sid:83112891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmu/dorlnelenepuns"; depth:19; endswith; nocase; http.host; content:"turopainterior.es"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249792/; classtype:trojan-activity;sid:83112892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba/tvroee"; depth:10; endswith; nocase; http.host; content:"dietchidjery.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249786/; classtype:trojan-activity;sid:83112886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/piavuisotlubqut"; depth:21; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249787/; classtype:trojan-activity;sid:83112887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/iteenuldrsvte"; depth:17; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249788/; classtype:trojan-activity;sid:83112888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ood/ccontsbueutoarlmre"; depth:23; endswith; nocase; http.host; content:"araceliescobarchavez.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249789/; classtype:trojan-activity;sid:83112889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vutm"; depth:5; endswith; nocase; http.host; content:"aliteswitch.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249790/; classtype:trojan-activity;sid:83112890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ole/eetildenit"; depth:15; endswith; nocase; http.host; content:"lnogx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249784/; classtype:trojan-activity;sid:83112884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/epoasealrisrias"; depth:21; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249785/; classtype:trojan-activity;sid:83112885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr/aovmopdteoulletr"; depth:20; endswith; nocase; http.host; content:"top360digitalmediaada.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249782/; classtype:trojan-activity;sid:83112882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me/totpuasevmlau"; depth:17; endswith; nocase; http.host; content:"brandimprint.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249783/; classtype:trojan-activity;sid:83112883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seto/iausmtn"; depth:13; endswith; nocase; http.host; content:"mehjt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249778/; classtype:trojan-activity;sid:83112878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae/tcosinndoinit"; depth:17; endswith; nocase; http.host; content:"lemhs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249779/; classtype:trojan-activity;sid:83112879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vela/murtiteinciroecxxteeeap"; depth:29; endswith; nocase; http.host; content:"uwtjm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249780/; classtype:trojan-activity;sid:83112880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/btrlsaeoe"; depth:14; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249781/; classtype:trojan-activity;sid:83112881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/eaeaumsntds"; depth:15; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249774/; classtype:trojan-activity;sid:83112874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/iuiialcffmol"; depth:16; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249775/; classtype:trojan-activity;sid:83112875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/ouoltadr"; depth:14; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249776/; classtype:trojan-activity;sid:83112876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oo/eate"; depth:8; endswith; nocase; http.host; content:"elhipopotamoamarillo.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249777/; classtype:trojan-activity;sid:83112877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncm/tnepdreherretei"; depth:20; endswith; nocase; http.host; content:"shamgloballlc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249767/; classtype:trojan-activity;sid:83112867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oeo/ogiilprrdeone"; depth:18; endswith; nocase; http.host; content:"coachhire4u.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249768/; classtype:trojan-activity;sid:83112868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuan/iqamueu"; depth:13; endswith; nocase; http.host; content:"nroan.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249769/; classtype:trojan-activity;sid:83112869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/iasnutesu"; depth:14; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249770/; classtype:trojan-activity;sid:83112870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/oaporioetnti"; depth:18; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249771/; classtype:trojan-activity;sid:83112871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fauu/fiullpcciasa"; depth:18; endswith; nocase; http.host; content:"rvhire.aus.as"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249772/; classtype:trojan-activity;sid:83112872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/emtuesnpiaorrrre"; depth:22; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249773/; classtype:trojan-activity;sid:83112873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unec/meaquts"; depth:13; endswith; nocase; http.host; content:"pinkponyscottsdale.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249764/; classtype:trojan-activity;sid:83112864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen/siuuqleemieqni"; depth:19; endswith; nocase; http.host; content:"npmohadi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249765/; classtype:trojan-activity;sid:83112865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/ceienndisiri"; depth:18; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249766/; classtype:trojan-activity;sid:83112866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr/alcatpoeemn"; depth:15; endswith; nocase; http.host; content:"top360digitalmediaada.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249756/; classtype:trojan-activity;sid:83112856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/croiussrioep"; depth:18; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249757/; classtype:trojan-activity;sid:83112857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/esorteslod"; depth:16; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249758/; classtype:trojan-activity;sid:83112858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/su/mateiepasuicdriot"; depth:21; endswith; nocase; http.host; content:"macdefug.org"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249759/; classtype:trojan-activity;sid:83112859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeta/uearetuutnmnmq"; depth:20; endswith; nocase; http.host; content:"cavle.hr"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249760/; classtype:trojan-activity;sid:83112860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netu/sauuumqsmqbaqiuid"; depth:23; endswith; nocase; http.host; content:"temkos.rs"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249761/; classtype:trojan-activity;sid:83112861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/niidbsualitt"; depth:17; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249762/; classtype:trojan-activity;sid:83112862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/luiroqmededo"; depth:16; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249763/; classtype:trojan-activity;sid:83112863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau/aueeostm"; depth:13; endswith; nocase; http.host; content:"akscon.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249751/; classtype:trojan-activity;sid:83112851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/oindiusmsieqmdsig"; depth:21; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249752/; classtype:trojan-activity;sid:83112852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sa/elqetpaulor"; depth:15; endswith; nocase; http.host; content:"techcris.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249753/; classtype:trojan-activity;sid:83112853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erd/tfdigtuserune"; depth:18; endswith; nocase; http.host; content:"thetulipmonsellagurgaon.in"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249754/; classtype:trojan-activity;sid:83112854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/teapsis"; depth:13; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249755/; classtype:trojan-activity;sid:83112855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rio/oeapeemltcrpat"; depth:19; endswith; nocase; http.host; content:"expoart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249748/; classtype:trojan-activity;sid:83112848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me/aumucsttiance"; depth:17; endswith; nocase; http.host; content:"brandimprint.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249749/; classtype:trojan-activity;sid:83112849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etu/inloaitismsee"; depth:18; endswith; nocase; http.host; content:"theexperionwesterlies.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249750/; classtype:trojan-activity;sid:83112850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba/otsesinm"; depth:12; endswith; nocase; http.host; content:"dietchidjery.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249743/; classtype:trojan-activity;sid:83112843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/muatelordo"; depth:16; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249744/; classtype:trojan-activity;sid:83112844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtuu/baeroelds"; depth:15; endswith; nocase; http.host; content:"afrozaway.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249745/; classtype:trojan-activity;sid:83112845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cts/arumeqaui"; depth:14; endswith; nocase; http.host; content:"innovative23.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249746/; classtype:trojan-activity;sid:83112846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/su/ttusin"; depth:10; endswith; nocase; http.host; content:"macdefug.org"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249747/; classtype:trojan-activity;sid:83112847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rio/nhltiiasiidbc"; depth:18; endswith; nocase; http.host; content:"expoart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249737/; classtype:trojan-activity;sid:83112837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iac/tuslraorore"; depth:16; endswith; nocase; http.host; content:"xfamn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249738/; classtype:trojan-activity;sid:83112838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vutm/eqtuumisnia"; depth:17; endswith; nocase; http.host; content:"aliteswitch.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249739/; classtype:trojan-activity;sid:83112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/osiirepuaiplodticbrss"; depth:26; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249740/; classtype:trojan-activity;sid:83112840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/ionttcvruuseqeaa"; depth:20; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249741/; classtype:trojan-activity;sid:83112841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oll/luiomotmoadmtupvc"; depth:22; endswith; nocase; http.host; content:"emprendedorimbatible.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249742/; classtype:trojan-activity;sid:83112842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quia/nmehldrreorieeeudpeqrto"; depth:29; endswith; nocase; http.host; content:"adelineairplant.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249734/; classtype:trojan-activity;sid:83112834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/aqtiiouilml"; depth:15; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249735/; classtype:trojan-activity;sid:83112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la/ttocseedluauls"; depth:18; endswith; nocase; http.host; content:"ofnwu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249736/; classtype:trojan-activity;sid:83112836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuan/ouiqmne"; depth:13; endswith; nocase; http.host; content:"nroan.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249730/; classtype:trojan-activity;sid:83112830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbut/eontsqmuiara"; depth:18; endswith; nocase; http.host; content:"transportalo.com.pe"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249731/; classtype:trojan-activity;sid:83112831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeuc/muateurr"; depth:14; endswith; nocase; http.host; content:"rrjiu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249732/; classtype:trojan-activity;sid:83112832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ausu/erdnsilloioh"; depth:18; endswith; nocase; http.host; content:"restorecoinwallets.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249733/; classtype:trojan-activity;sid:83112833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/nseumquccoartu"; depth:18; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249728/; classtype:trojan-activity;sid:83112828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imev/uqsoualto"; depth:15; endswith; nocase; http.host; content:"xgsol.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249729/; classtype:trojan-activity;sid:83112829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/utcxainteeetorim"; depth:21; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249727/; classtype:trojan-activity;sid:83112827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tis/qtuaetiu"; depth:13; endswith; nocase; http.host; content:"waapsols.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249722/; classtype:trojan-activity;sid:83112822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/usmetqaotuercnroap"; depth:24; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249723/; classtype:trojan-activity;sid:83112823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeuc/arbusiltaomo"; depth:18; endswith; nocase; http.host; content:"rrjiu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249724/; classtype:trojan-activity;sid:83112824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/iuaatqu"; depth:11; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249725/; classtype:trojan-activity;sid:83112825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fl/odimerrou"; depth:13; endswith; nocase; http.host; content:"apachi.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249726/; classtype:trojan-activity;sid:83112826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/titidudainvetcoprep"; depth:23; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249721/; classtype:trojan-activity;sid:83112821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/msahuipmra"; depth:16; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249715/; classtype:trojan-activity;sid:83112815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de/imsiarecoh"; depth:14; endswith; nocase; http.host; content:"thenxtcapital.co.in"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249716/; classtype:trojan-activity;sid:83112816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/*"; depth:5; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249717/; classtype:trojan-activity;sid:83112817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iq/dbutuiamqus"; depth:15; endswith; nocase; http.host; content:"numericreuse.fr"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249718/; classtype:trojan-activity;sid:83112818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fauu/epoeirilnsdresetai"; depth:24; endswith; nocase; http.host; content:"rvhire.aus.as"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249719/; classtype:trojan-activity;sid:83112819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/itmaeimn"; depth:12; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249720/; classtype:trojan-activity;sid:83112820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/iecaaouuccqctme"; depth:19; endswith; nocase; http.host; content:"pvocl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249711/; classtype:trojan-activity;sid:83112811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oa/oeturuesetncccsnnit"; depth:23; endswith; nocase; http.host; content:"afrishopr.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249712/; classtype:trojan-activity;sid:83112812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seto/ourvtae"; depth:13; endswith; nocase; http.host; content:"mehjt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249713/; classtype:trojan-activity;sid:83112813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/oqemereltoud"; depth:18; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249714/; classtype:trojan-activity;sid:83112814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nll/siiussmcpiapt"; depth:18; endswith; nocase; http.host; content:"plumberpages.com.au"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249709/; classtype:trojan-activity;sid:83112809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/eeptoruvulntqsmutoaucn"; depth:26; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249710/; classtype:trojan-activity;sid:83112810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/tatvoplsesu"; depth:17; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249706/; classtype:trojan-activity;sid:83112806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/ouertrasdunaqp"; depth:19; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249707/; classtype:trojan-activity;sid:83112807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgiu/tuetoriaeaiqn"; depth:19; endswith; nocase; http.host; content:"thebankompany.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249708/; classtype:trojan-activity;sid:83112808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhii/valeb"; depth:11; endswith; nocase; http.host; content:"dstech.com.sa"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249700/; classtype:trojan-activity;sid:83112800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rops/liqoumqmepttaasvuu"; depth:24; endswith; nocase; http.host; content:"dasnacburj.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249701/; classtype:trojan-activity;sid:83112801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/ttuua"; depth:9; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249702/; classtype:trojan-activity;sid:83112802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhii/enmgdnauma"; depth:16; endswith; nocase; http.host; content:"dstech.com.sa"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249703/; classtype:trojan-activity;sid:83112803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhii/mrseeuqmliii"; depth:18; endswith; nocase; http.host; content:"dstech.com.sa"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249704/; classtype:trojan-activity;sid:83112804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qisu/teut"; depth:10; endswith; nocase; http.host; content:"sol-fa.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249705/; classtype:trojan-activity;sid:83112805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mqi/somidelsseta"; depth:17; endswith; nocase; http.host; content:"tkpln.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249697/; classtype:trojan-activity;sid:83112797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuan/ostemen"; depth:13; endswith; nocase; http.host; content:"nroan.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249698/; classtype:trojan-activity;sid:83112798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns/dinattpumusidaceesa"; depth:23; endswith; nocase; http.host; content:"onesoftgaming.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249699/; classtype:trojan-activity;sid:83112799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iemn/caquelsmuuot"; depth:18; endswith; nocase; http.host; content:"menuwiz.com.au"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249691/; classtype:trojan-activity;sid:83112791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/rpestnidvnuto"; depth:19; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249692/; classtype:trojan-activity;sid:83112792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/sattviee"; depth:12; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249693/; classtype:trojan-activity;sid:83112793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uir/opprmarois"; depth:15; endswith; nocase; http.host; content:"lokbhashanews.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249694/; classtype:trojan-activity;sid:83112794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us/taomoste"; depth:12; endswith; nocase; http.host; content:"bmrl.in"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249695/; classtype:trojan-activity;sid:83112795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mutc/psurmbaotibe"; depth:18; endswith; nocase; http.host; content:"deaqc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249696/; classtype:trojan-activity;sid:83112796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqen/rloeiollbi"; depth:16; endswith; nocase; http.host; content:"arenaanimationdelhi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249689/; classtype:trojan-activity;sid:83112789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/ecettrluamueoptvipx"; depth:25; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249690/; classtype:trojan-activity;sid:83112790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/tmarueetrune"; depth:18; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249685/; classtype:trojan-activity;sid:83112785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/utfagtaiu"; depth:13; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249686/; classtype:trojan-activity;sid:83112786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me/odoleimnrme"; depth:15; endswith; nocase; http.host; content:"brandimprint.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249687/; classtype:trojan-activity;sid:83112787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/abodmi"; depth:10; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249688/; classtype:trojan-activity;sid:83112788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/pouttmear"; depth:13; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249682/; classtype:trojan-activity;sid:83112782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iu/olsbvien"; depth:12; endswith; nocase; http.host; content:"vmrhz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249683/; classtype:trojan-activity;sid:83112783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/qigufiut"; depth:12; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249684/; classtype:trojan-activity;sid:83112784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgiu/aalupnsli"; depth:15; endswith; nocase; http.host; content:"thebankompany.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249681/; classtype:trojan-activity;sid:83112781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imev/tvneusl"; depth:13; endswith; nocase; http.host; content:"xgsol.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249678/; classtype:trojan-activity;sid:83112778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/goods2491510234.zip.."; depth:27; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249679/; classtype:trojan-activity;sid:83112779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilb/auelmdotor"; depth:15; endswith; nocase; http.host; content:"rohanupavanproject.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249680/; classtype:trojan-activity;sid:83112780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/rlatuooslod"; depth:15; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249673/; classtype:trojan-activity;sid:83112773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qiu/iaffociut"; depth:14; endswith; nocase; http.host; content:"sunraysaunas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249674/; classtype:trojan-activity;sid:83112774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re/vcurolopsptsrioa"; depth:20; endswith; nocase; http.host; content:"coulylabadiogoul.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249675/; classtype:trojan-activity;sid:83112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/spaeuttenai"; depth:17; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249676/; classtype:trojan-activity;sid:83112776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeta/rrtvliueme"; depth:16; endswith; nocase; http.host; content:"cavle.hr"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249677/; classtype:trojan-activity;sid:83112777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/miqmmuanangu"; depth:17; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249672/; classtype:trojan-activity;sid:83112772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn/ininis"; depth:10; endswith; nocase; http.host; content:"povef.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249667/; classtype:trojan-activity;sid:83112767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsdr/ififsocoqiu"; depth:17; endswith; nocase; http.host; content:"mrhvh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249668/; classtype:trojan-activity;sid:83112768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/netmiiidp"; depth:15; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249669/; classtype:trojan-activity;sid:83112769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/uvqlies"; depth:11; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249670/; classtype:trojan-activity;sid:83112770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/nigama"; depth:10; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249671/; classtype:trojan-activity;sid:83112771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmi/nmtutsaea"; depth:14; endswith; nocase; http.host; content:"rapidnews13.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249665/; classtype:trojan-activity;sid:83112765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/tsaeqrauoe"; depth:14; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249666/; classtype:trojan-activity;sid:83112766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erms/enoson"; depth:12; endswith; nocase; http.host; content:"mohaliplots.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249660/; classtype:trojan-activity;sid:83112760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/ucqiih"; depth:12; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249661/; classtype:trojan-activity;sid:83112761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/cnuedih"; depth:11; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249662/; classtype:trojan-activity;sid:83112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfnd/oerouidrbluis"; depth:19; endswith; nocase; http.host; content:"yashviindustries.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249663/; classtype:trojan-activity;sid:83112763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esp/acistncmiunmuea"; depth:20; endswith; nocase; http.host; content:"theradiant.co.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249664/; classtype:trojan-activity;sid:83112764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/utqeeabai"; depth:13; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249652/; classtype:trojan-activity;sid:83112752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae/nnussedtmeriu"; depth:17; endswith; nocase; http.host; content:"lemhs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249653/; classtype:trojan-activity;sid:83112753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip/eonetrivinuq"; depth:16; endswith; nocase; http.host; content:"whizzo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249654/; classtype:trojan-activity;sid:83112754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/siuapigfmt"; depth:14; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249655/; classtype:trojan-activity;sid:83112755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hu/moecqurlodu"; depth:15; endswith; nocase; http.host; content:"m3mgurugram.co"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249656/; classtype:trojan-activity;sid:83112756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/qtuiiod"; depth:13; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249657/; classtype:trojan-activity;sid:83112757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eot/eclimorhdo"; depth:15; endswith; nocase; http.host; content:"nutriselfagro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249658/; classtype:trojan-activity;sid:83112758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/aatetoivuqplmu"; depth:18; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249659/; classtype:trojan-activity;sid:83112759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trte/luefilatptgaer"; depth:20; endswith; nocase; http.host; content:"motorclips.com.au"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249647/; classtype:trojan-activity;sid:83112747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsdr/iasdqeu"; depth:13; endswith; nocase; http.host; content:"mrhvh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249648/; classtype:trojan-activity;sid:83112748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/uollisoti"; depth:15; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249649/; classtype:trojan-activity;sid:83112749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiq/uueamqet"; depth:13; endswith; nocase; http.host; content:"bnrhr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249650/; classtype:trojan-activity;sid:83112750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tis/dlteivi"; depth:12; endswith; nocase; http.host; content:"waapsols.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249651/; classtype:trojan-activity;sid:83112751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/puetolquaatmvi"; depth:20; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249644/; classtype:trojan-activity;sid:83112744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/osiodimmeelqrliu"; depth:20; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249645/; classtype:trojan-activity;sid:83112745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/emrptsuauneeqait"; depth:22; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249646/; classtype:trojan-activity;sid:83112746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfnd/teut"; depth:10; endswith; nocase; http.host; content:"yashviindustries.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249640/; classtype:trojan-activity;sid:83112740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgiu/usntniintsce"; depth:18; endswith; nocase; http.host; content:"thebankompany.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249641/; classtype:trojan-activity;sid:83112741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuan/ruiae"; depth:11; endswith; nocase; http.host; content:"nroan.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249642/; classtype:trojan-activity;sid:83112742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iris/rtuiurptaaa"; depth:17; endswith; nocase; http.host; content:"dpjlg.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249643/; classtype:trojan-activity;sid:83112743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us/oatmlsiseiueq"; depth:17; endswith; nocase; http.host; content:"bmrl.in"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249633/; classtype:trojan-activity;sid:83112733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna/ovopmclafutsiftiui"; depth:24; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249634/; classtype:trojan-activity;sid:83112734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/eutiaicdqs"; depth:14; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249635/; classtype:trojan-activity;sid:83112735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rion/risnrfeeedpni"; depth:19; endswith; nocase; http.host; content:"bhutaniprojectsnoida.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249636/; classtype:trojan-activity;sid:83112736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uir/acurumdsiarptui"; depth:20; endswith; nocase; http.host; content:"lokbhashanews.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249637/; classtype:trojan-activity;sid:83112737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vet"; depth:4; endswith; nocase; http.host; content:"vozfl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249638/; classtype:trojan-activity;sid:83112738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/titens"; depth:10; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249639/; classtype:trojan-activity;sid:83112739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tgiu/direeicsiutn"; depth:18; endswith; nocase; http.host; content:"thebankompany.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249628/; classtype:trojan-activity;sid:83112728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/rquedmledrlmoooeo"; depth:23; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249629/; classtype:trojan-activity;sid:83112729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/uampirate"; depth:14; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249630/; classtype:trojan-activity;sid:83112730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn/eusemsisn"; depth:13; endswith; nocase; http.host; content:"povef.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249631/; classtype:trojan-activity;sid:83112731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/lriagfaoamobutis"; depth:20; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249632/; classtype:trojan-activity;sid:83112732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/eaixesrepsor"; depth:16; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249624/; classtype:trojan-activity;sid:83112724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eri/elsmeolerspinudn"; depth:21; endswith; nocase; http.host; content:"phiniteng.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249625/; classtype:trojan-activity;sid:83112725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdau/intlivies"; depth:15; endswith; nocase; http.host; content:"zttgn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249626/; classtype:trojan-activity;sid:83112726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/taee"; depth:10; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249627/; classtype:trojan-activity;sid:83112727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuan/utaetqu"; depth:13; endswith; nocase; http.host; content:"nroan.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249622/; classtype:trojan-activity;sid:83112722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/tciaacmluhiisunn"; depth:22; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249623/; classtype:trojan-activity;sid:83112723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pss/quutins"; depth:12; endswith; nocase; http.host; content:"urtku.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249619/; classtype:trojan-activity;sid:83112719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iac/mmaxumeie"; depth:14; endswith; nocase; http.host; content:"xfamn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249620/; classtype:trojan-activity;sid:83112720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncm/rrumdeioo"; depth:14; endswith; nocase; http.host; content:"shamgloballlc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249621/; classtype:trojan-activity;sid:83112721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/em/ratapuusrqii"; depth:16; endswith; nocase; http.host; content:"pgjsy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249617/; classtype:trojan-activity;sid:83112717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sorp/iiumsdcieerrena"; depth:21; endswith; nocase; http.host; content:"pti-aast.org"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249618/; classtype:trojan-activity;sid:83112718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncm/upltismoavang"; depth:18; endswith; nocase; http.host; content:"shamgloballlc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249614/; classtype:trojan-activity;sid:83112714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/vtpeumotala"; depth:17; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249615/; classtype:trojan-activity;sid:83112715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr/tetu"; depth:8; endswith; nocase; http.host; content:"top360digitalmediaada.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249616/; classtype:trojan-activity;sid:83112716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/etiqu"; depth:11; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249605/; classtype:trojan-activity;sid:83112705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hu/umiiqain"; depth:12; endswith; nocase; http.host; content:"m3mgurugram.co"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249606/; classtype:trojan-activity;sid:83112706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gi/rmusteomrn"; depth:14; endswith; nocase; http.host; content:"diasfalizo.gr"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249607/; classtype:trojan-activity;sid:83112707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/ietmosuampberru"; depth:21; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249608/; classtype:trojan-activity;sid:83112708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/btiiadfusguolro"; depth:19; endswith; nocase; http.host; content:"strikevpn.ml"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249609/; classtype:trojan-activity;sid:83112709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/reepnleaotml"; depth:17; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249610/; classtype:trojan-activity;sid:83112710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/nminxtrcntioeeeao"; depth:23; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249611/; classtype:trojan-activity;sid:83112711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ol/msnnioi"; depth:11; endswith; nocase; http.host; content:"bion.mx"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249612/; classtype:trojan-activity;sid:83112712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhs/futcrrpeeaiexce"; depth:20; endswith; nocase; http.host; content:"turkmenulastirma.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249613/; classtype:trojan-activity;sid:83112713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tep/caratiohbcte"; depth:17; endswith; nocase; http.host; content:"exec200systems.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249601/; classtype:trojan-activity;sid:83112701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ernd/quetucme"; depth:14; endswith; nocase; http.host; content:"canberracomms.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249602/; classtype:trojan-activity;sid:83112702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmi/iqusnisi"; depth:13; endswith; nocase; http.host; content:"rapidnews13.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249603/; classtype:trojan-activity;sid:83112703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/eiemna"; depth:11; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249604/; classtype:trojan-activity;sid:83112704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ntoienqeeruav"; depth:17; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249597/; classtype:trojan-activity;sid:83112697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/sutenat"; depth:12; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249598/; classtype:trojan-activity;sid:83112698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/euqeaet"; depth:11; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249599/; classtype:trojan-activity;sid:83112699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trte/tacraufee"; depth:15; endswith; nocase; http.host; content:"motorclips.com.au"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249600/; classtype:trojan-activity;sid:83112700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/oemnesd"; depth:13; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249595/; classtype:trojan-activity;sid:83112695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te/urmrueta"; depth:12; endswith; nocase; http.host; content:"vatikaonegurgaon.in"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249596/; classtype:trojan-activity;sid:83112696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/peuiernecmxit"; depth:17; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249583/; classtype:trojan-activity;sid:83112683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilb/ipcdadutudreininnae"; depth:24; endswith; nocase; http.host; content:"rohanupavanproject.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249584/; classtype:trojan-activity;sid:83112684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtis/lapamrtliriuu"; depth:19; endswith; nocase; http.host; content:"trehanfloors.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249585/; classtype:trojan-activity;sid:83112685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/et/oeedomlsron"; depth:15; endswith; nocase; http.host; content:"rsmzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249586/; classtype:trojan-activity;sid:83112686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teiq/aqidpuisicia"; depth:18; endswith; nocase; http.host; content:"nxlsp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249587/; classtype:trojan-activity;sid:83112687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teiq/niesstt"; depth:13; endswith; nocase; http.host; content:"nxlsp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249588/; classtype:trojan-activity;sid:83112688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeuc/etvle"; depth:11; endswith; nocase; http.host; content:"rrjiu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249589/; classtype:trojan-activity;sid:83112689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna"; depth:5; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249590/; classtype:trojan-activity;sid:83112690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etes/edaaaneosmusericr"; depth:23; endswith; nocase; http.host; content:"rtyaj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249591/; classtype:trojan-activity;sid:83112691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/etdumapelixpvottae"; depth:22; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249592/; classtype:trojan-activity;sid:83112692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/su/emutua"; depth:10; endswith; nocase; http.host; content:"ejpgq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249593/; classtype:trojan-activity;sid:83112693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qio/tetievl"; depth:12; endswith; nocase; http.host; content:"veomtruementor.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249594/; classtype:trojan-activity;sid:83112694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/lpdioosemasr"; depth:16; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249581/; classtype:trojan-activity;sid:83112681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imev/augmnamat"; depth:15; endswith; nocase; http.host; content:"xgsol.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249582/; classtype:trojan-activity;sid:83112682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/sitnsium"; depth:14; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249577/; classtype:trojan-activity;sid:83112677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/iten"; depth:9; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249578/; classtype:trojan-activity;sid:83112678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau/uqoavtaluutmpm"; depth:19; endswith; nocase; http.host; content:"akscon.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249579/; classtype:trojan-activity;sid:83112679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rops/nsidbiiet"; depth:15; endswith; nocase; http.host; content:"dasnacburj.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249580/; classtype:trojan-activity;sid:83112680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec/ucsacmesaut"; depth:15; endswith; nocase; http.host; content:"pwgzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249576/; classtype:trojan-activity;sid:83112676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udir/auedclrsaapeucn"; depth:21; endswith; nocase; http.host; content:"bhbxa.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249575/; classtype:trojan-activity;sid:83112675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diu/rnedutneevsetei"; depth:20; endswith; nocase; http.host; content:"augusta-ind.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249574/; classtype:trojan-activity;sid:83112674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/atnuiducitn"; depth:15; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249571/; classtype:trojan-activity;sid:83112671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/rlameptuseoldootv"; depth:22; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249572/; classtype:trojan-activity;sid:83112672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qud/eitendltie"; depth:15; endswith; nocase; http.host; content:"rmspices.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249573/; classtype:trojan-activity;sid:83112673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qei/sueoeimqltoda"; depth:18; endswith; nocase; http.host; content:"merbleuedakar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249566/; classtype:trojan-activity;sid:83112666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/nteiasmi"; depth:12; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249567/; classtype:trojan-activity;sid:83112667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udir/usuotqtnnceuur"; depth:20; endswith; nocase; http.host; content:"bhbxa.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249568/; classtype:trojan-activity;sid:83112668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trte/aqmuaemtu"; depth:15; endswith; nocase; http.host; content:"motorclips.com.au"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249569/; classtype:trojan-activity;sid:83112669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iq/aiemamx"; depth:11; endswith; nocase; http.host; content:"numericreuse.fr"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249570/; classtype:trojan-activity;sid:83112670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ole/cniastaueexmmroqu"; depth:22; endswith; nocase; http.host; content:"lnogx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249560/; classtype:trojan-activity;sid:83112660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dea/udmqiqieu"; depth:14; endswith; nocase; http.host; content:"ritaprakashmanikarnika.in"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249561/; classtype:trojan-activity;sid:83112661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/oesesodlorlodr"; depth:20; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249562/; classtype:trojan-activity;sid:83112662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/se/iisvperrretasodopen"; depth:23; endswith; nocase; http.host; content:"digitizedsolutions.org"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249563/; classtype:trojan-activity;sid:83112663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iris/ipeievascidtnie"; depth:21; endswith; nocase; http.host; content:"dpjlg.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249564/; classtype:trojan-activity;sid:83112664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nll/iairpueaenudqd"; depth:19; endswith; nocase; http.host; content:"plumberpages.com.au"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249565/; classtype:trojan-activity;sid:83112665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re/mdelumruoo"; depth:14; endswith; nocase; http.host; content:"coulylabadiogoul.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249553/; classtype:trojan-activity;sid:83112653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atiu/vsetiilt"; depth:14; endswith; nocase; http.host; content:"datawrapped.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249554/; classtype:trojan-activity;sid:83112654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/iqqauui"; depth:11; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249555/; classtype:trojan-activity;sid:83112655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/uimiasoint"; depth:14; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249556/; classtype:trojan-activity;sid:83112656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ernd/dseefopmrnnerei"; depth:21; endswith; nocase; http.host; content:"canberracomms.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249557/; classtype:trojan-activity;sid:83112657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eot/eeeaiiispvcntrsetip"; depth:24; endswith; nocase; http.host; content:"nutriselfagro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249558/; classtype:trojan-activity;sid:83112658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iu/odsoermiuln"; depth:15; endswith; nocase; http.host; content:"vmrhz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249559/; classtype:trojan-activity;sid:83112659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmm/ll2538466036.zip"; depth:21; endswith; nocase; http.host; content:"thebirlaniyaaraworli.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249548/; classtype:trojan-activity;sid:83112648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/au/oorrloedpor"; depth:15; endswith; nocase; http.host; content:"signaturefloorsgurgaon.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249549/; classtype:trojan-activity;sid:83112649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rion/ueenuqqi"; depth:14; endswith; nocase; http.host; content:"bhutaniprojectsnoida.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249550/; classtype:trojan-activity;sid:83112650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/adneeuaacbrs"; depth:17; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249551/; classtype:trojan-activity;sid:83112651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/aastmeeirp"; depth:14; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249552/; classtype:trojan-activity;sid:83112652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn/uosstlapseev"; depth:16; endswith; nocase; http.host; content:"povef.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249547/; classtype:trojan-activity;sid:83112647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/seetaoseeilms"; depth:17; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249544/; classtype:trojan-activity;sid:83112644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iu/tatomat"; depth:11; endswith; nocase; http.host; content:"vmrhz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249545/; classtype:trojan-activity;sid:83112645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uir/reaitumeruq"; depth:16; endswith; nocase; http.host; content:"lokbhashanews.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249546/; classtype:trojan-activity;sid:83112646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/rdorobsrcoposliui"; depth:21; endswith; nocase; http.host; content:"mdpcd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249542/; classtype:trojan-activity;sid:83112642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rreo/arpiausrtti"; depth:17; endswith; nocase; http.host; content:"sujaypaul.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249543/; classtype:trojan-activity;sid:83112643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/qquuii"; depth:12; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249540/; classtype:trojan-activity;sid:83112640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oluo/isgteaduf"; depth:15; endswith; nocase; http.host; content:"mybizprojects.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249541/; classtype:trojan-activity;sid:83112641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tlo/qaosumrievqu"; depth:17; endswith; nocase; http.host; content:"solutiontrackers.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249538/; classtype:trojan-activity;sid:83112638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba/baeds"; depth:9; endswith; nocase; http.host; content:"dietchidjery.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249539/; classtype:trojan-activity;sid:83112639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ernd/mreimumrdooc"; depth:18; endswith; nocase; http.host; content:"canberracomms.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249532/; classtype:trojan-activity;sid:83112632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/ntiuriedleshn"; depth:18; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249533/; classtype:trojan-activity;sid:83112633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maut/loanuvmsteitpt"; depth:20; endswith; nocase; http.host; content:"depsocomaccra.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249534/; classtype:trojan-activity;sid:83112634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/nsteetucin"; depth:14; endswith; nocase; http.host; content:"prestige-finsbury-park.co"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249535/; classtype:trojan-activity;sid:83112635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sel/ilfsadtaciic"; depth:17; endswith; nocase; http.host; content:"castilloyasociados.mx"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249536/; classtype:trojan-activity;sid:83112636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/ostciuprrieapidcto"; depth:22; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249537/; classtype:trojan-activity;sid:83112637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stt/onsbiam"; depth:12; endswith; nocase; http.host; content:"ctrs.fr"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249529/; classtype:trojan-activity;sid:83112629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhii/testeeimasol"; depth:18; endswith; nocase; http.host; content:"dstech.com.sa"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249530/; classtype:trojan-activity;sid:83112630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/tumateaqerparo"; depth:20; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249531/; classtype:trojan-activity;sid:83112631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/umoeemn"; depth:12; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249526/; classtype:trojan-activity;sid:83112626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qio/lmsborloaeseita"; depth:20; endswith; nocase; http.host; content:"veomtruementor.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249527/; classtype:trojan-activity;sid:83112627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tis/itblsittaiesnavriid"; depth:24; endswith; nocase; http.host; content:"waapsols.in"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249528/; classtype:trojan-activity;sid:83112628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cu/berramu"; depth:11; endswith; nocase; http.host; content:"vqvrk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249523/; classtype:trojan-activity;sid:83112623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/dsites"; depth:12; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249524/; classtype:trojan-activity;sid:83112624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtui/veueqclmitu"; depth:17; endswith; nocase; http.host; content:"thetataeureka.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249525/; classtype:trojan-activity;sid:83112625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ole/tepcrretsanuqouome"; depth:23; endswith; nocase; http.host; content:"lnogx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249516/; classtype:trojan-activity;sid:83112616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/pardntrusaea"; depth:16; endswith; nocase; http.host; content:"rotaryale.org"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249517/; classtype:trojan-activity;sid:83112617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/antelidgei"; depth:14; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249518/; classtype:trojan-activity;sid:83112618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eise/ocuihq"; depth:12; endswith; nocase; http.host; content:"lufgl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249519/; classtype:trojan-activity;sid:83112619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sel/sdsigeintisoms"; depth:19; endswith; nocase; http.host; content:"castilloyasociados.mx"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249520/; classtype:trojan-activity;sid:83112620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me/stsmonpuesutcecrsio"; depth:23; endswith; nocase; http.host; content:"brandimprint.in"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249521/; classtype:trojan-activity;sid:83112621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re/mlaiaqquuai"; depth:15; endswith; nocase; http.host; content:"coulylabadiogoul.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249522/; classtype:trojan-activity;sid:83112622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/turceiunnqusouq"; depth:19; endswith; nocase; http.host; content:"prestige-finsbury-park.co"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249509/; classtype:trojan-activity;sid:83112609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fl/cedtiqauat"; depth:14; endswith; nocase; http.host; content:"apachi.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249510/; classtype:trojan-activity;sid:83112610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/roouidqdmle"; depth:15; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249511/; classtype:trojan-activity;sid:83112611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irmc/aalicatquep"; depth:17; endswith; nocase; http.host; content:"tvglj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249512/; classtype:trojan-activity;sid:83112612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me"; depth:3; endswith; nocase; http.host; content:"diocesiat.it"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249513/; classtype:trojan-activity;sid:83112613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncm/ieomnst"; depth:12; endswith; nocase; http.host; content:"shamgloballlc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249514/; classtype:trojan-activity;sid:83112614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/asedagmmn"; depth:14; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249515/; classtype:trojan-activity;sid:83112615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/rmaiemnemotip"; depth:17; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249508/; classtype:trojan-activity;sid:83112608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snpt/icsutseenno"; depth:17; endswith; nocase; http.host; content:"mtsalmanar.sch.id"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249506/; classtype:trojan-activity;sid:83112606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/lsoiqdubriuao"; depth:17; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249507/; classtype:trojan-activity;sid:83112607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/itstuneaqiidcto"; depth:21; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249498/; classtype:trojan-activity;sid:83112598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iemn/idsfoaftaiiilnbic"; depth:23; endswith; nocase; http.host; content:"menuwiz.com.au"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249499/; classtype:trojan-activity;sid:83112599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nll/estdtoi"; depth:12; endswith; nocase; http.host; content:"plumberpages.com.au"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249500/; classtype:trojan-activity;sid:83112600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/uqateiueeaq"; depth:16; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249501/; classtype:trojan-activity;sid:83112601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip/porisameldo"; depth:15; endswith; nocase; http.host; content:"whizzo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249502/; classtype:trojan-activity;sid:83112602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnna/uaucpmahlr"; depth:16; endswith; nocase; http.host; content:"vongaa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249503/; classtype:trojan-activity;sid:83112603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imev/dsieeru"; depth:13; endswith; nocase; http.host; content:"xgsol.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249504/; classtype:trojan-activity;sid:83112604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn/anvlesmedaiust"; depth:18; endswith; nocase; http.host; content:"povef.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249505/; classtype:trojan-activity;sid:83112605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmm/eltmpecptaroae"; depth:19; endswith; nocase; http.host; content:"thebirlaniyaaraworli.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249495/; classtype:trojan-activity;sid:83112595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vup/vlcsoulupatap"; depth:18; endswith; nocase; http.host; content:"prestigejindalcitybangalore.com"; depth:31; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249496/; classtype:trojan-activity;sid:83112596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/aoattulsaprpurvi"; depth:20; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249497/; classtype:trojan-activity;sid:83112597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/surdoabtlio"; depth:16; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249493/; classtype:trojan-activity;sid:83112593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqen/aioutpto"; depth:14; endswith; nocase; http.host; content:"arenaanimationdelhi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249494/; classtype:trojan-activity;sid:83112594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/ersopoetubism"; depth:19; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249489/; classtype:trojan-activity;sid:83112589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsda/tunstes"; depth:13; endswith; nocase; http.host; content:"ldjab.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249490/; classtype:trojan-activity;sid:83112590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/onurqmsitu"; depth:14; endswith; nocase; http.host; content:"mdpcd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249491/; classtype:trojan-activity;sid:83112591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/tueaa"; depth:11; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249492/; classtype:trojan-activity;sid:83112592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/titafuug"; depth:14; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249482/; classtype:trojan-activity;sid:83112582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ule/oxesqu"; depth:11; endswith; nocase; http.host; content:"pwpze.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249483/; classtype:trojan-activity;sid:83112583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nre/bani"; depth:9; endswith; nocase; http.host; content:"mpncj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249484/; classtype:trojan-activity;sid:83112584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/toevamtuuplt"; depth:16; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249485/; classtype:trojan-activity;sid:83112585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seto/rsarrbloauipteen"; depth:22; endswith; nocase; http.host; content:"mehjt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249486/; classtype:trojan-activity;sid:83112586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ct/tdectipimadi"; depth:16; endswith; nocase; http.host; content:"ozqnb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249487/; classtype:trojan-activity;sid:83112587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/octieacitaeitadcpcu"; depth:23; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249488/; classtype:trojan-activity;sid:83112588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/immagnosamn"; depth:15; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249474/; classtype:trojan-activity;sid:83112574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/sovaetpnntluo"; depth:17; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249475/; classtype:trojan-activity;sid:83112575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/atunsaederupdni"; depth:19; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249476/; classtype:trojan-activity;sid:83112576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/ubusiqaiqdum"; depth:16; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249477/; classtype:trojan-activity;sid:83112577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ausu/idtuoo"; depth:12; endswith; nocase; http.host; content:"restorecoinwallets.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249478/; classtype:trojan-activity;sid:83112578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/tueants"; depth:11; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249479/; classtype:trojan-activity;sid:83112579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/uqafigu"; depth:11; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249480/; classtype:trojan-activity;sid:83112580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/tdscqniotiiiu"; depth:19; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249481/; classtype:trojan-activity;sid:83112581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdau/ptieanarueded"; depth:19; endswith; nocase; http.host; content:"zttgn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249471/; classtype:trojan-activity;sid:83112571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/tdensavnaueeoirenrc"; depth:25; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249472/; classtype:trojan-activity;sid:83112572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/aiparessqeuiro"; depth:20; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249473/; classtype:trojan-activity;sid:83112573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udir/mioqudbssaue"; depth:18; endswith; nocase; http.host; content:"bhbxa.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249470/; classtype:trojan-activity;sid:83112570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiq/iemeuqnae"; depth:14; endswith; nocase; http.host; content:"bnrhr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249469/; classtype:trojan-activity;sid:83112569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/uiqrroaesseisep"; depth:21; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249468/; classtype:trojan-activity;sid:83112568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc/qeunete"; depth:11; endswith; nocase; http.host; content:"bestechscogurgaon.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249463/; classtype:trojan-activity;sid:83112563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stt/sbietatuisseenct"; depth:21; endswith; nocase; http.host; content:"ctrs.fr"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249464/; classtype:trojan-activity;sid:83112564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saae/intdolncisieetitdi"; depth:24; endswith; nocase; http.host; content:"igitangsel.or.id"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249465/; classtype:trojan-activity;sid:83112565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qdo/ilnuhti"; depth:12; endswith; nocase; http.host; content:"drbsons.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249466/; classtype:trojan-activity;sid:83112566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/ouoomlrqed"; depth:15; endswith; nocase; http.host; content:"apachisoftwaresolutions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249467/; classtype:trojan-activity;sid:83112567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/rvmspiusesoo"; depth:16; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249461/; classtype:trojan-activity;sid:83112561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/qauseatipra"; depth:17; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249462/; classtype:trojan-activity;sid:83112562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as/spreipdraerethsrerneeoi"; depth:27; endswith; nocase; http.host; content:"groupazanero.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249456/; classtype:trojan-activity;sid:83112556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uam/tuaid"; depth:10; endswith; nocase; http.host; content:"frmxm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249457/; classtype:trojan-activity;sid:83112557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/miuneqaevae"; depth:15; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249458/; classtype:trojan-activity;sid:83112558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuam/ulrdalomlumo"; depth:18; endswith; nocase; http.host; content:"duh.sx"; depth:6; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249459/; classtype:trojan-activity;sid:83112559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssim/seiiatelcxpob"; depth:19; endswith; nocase; http.host; content:"kegqi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249460/; classtype:trojan-activity;sid:83112560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/abet"; depth:9; endswith; nocase; http.host; content:"apachisoftwaresolutions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249455/; classtype:trojan-activity;sid:83112555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asiq/enlnerdtsvieuoepdplr"; depth:26; endswith; nocase; http.host; content:"imzpn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249448/; classtype:trojan-activity;sid:83112548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suq/nediittuaucnm"; depth:18; endswith; nocase; http.host; content:"jrzxy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249449/; classtype:trojan-activity;sid:83112549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssim/utiseqs"; depth:13; endswith; nocase; http.host; content:"kegqi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249450/; classtype:trojan-activity;sid:83112550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/aiuquqi"; depth:13; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249451/; classtype:trojan-activity;sid:83112551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/iteenuldrsvte"; depth:17; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249452/; classtype:trojan-activity;sid:83112552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuo/tevle"; depth:10; endswith; nocase; http.host; content:"hturgut.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249453/; classtype:trojan-activity;sid:83112553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhii/valeb"; depth:11; endswith; nocase; http.host; content:"dstech.com.sa"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249454/; classtype:trojan-activity;sid:83112554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqen/ucetastlude"; depth:17; endswith; nocase; http.host; content:"arenaanimationdelhi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249446/; classtype:trojan-activity;sid:83112546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/tlulaimugfi"; depth:17; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249447/; classtype:trojan-activity;sid:83112547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo/mautseoupvrlr"; depth:17; endswith; nocase; http.host; content:"grandaffairs.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249445/; classtype:trojan-activity;sid:83112545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/dmeodis"; depth:12; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249442/; classtype:trojan-activity;sid:83112542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/erquuesotqecnaua"; depth:22; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249443/; classtype:trojan-activity;sid:83112543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as/qeaebuopxilca"; depth:17; endswith; nocase; http.host; content:"groupazanero.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249444/; classtype:trojan-activity;sid:83112544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ai/iduaeaeutaprnd"; depth:18; endswith; nocase; http.host; content:"klynworkhungary.hu"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249438/; classtype:trojan-activity;sid:83112538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uuie/tlrieaitamtstuovpev"; depth:25; endswith; nocase; http.host; content:"capdigisoft.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249439/; classtype:trojan-activity;sid:83112539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atiu/etmtanodu"; depth:15; endswith; nocase; http.host; content:"datawrapped.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249440/; classtype:trojan-activity;sid:83112540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li/etureoualvmmtpr"; depth:19; endswith; nocase; http.host; content:"dogrukalipplastik.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249441/; classtype:trojan-activity;sid:83112541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/liiamaqlausa"; depth:18; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249428/; classtype:trojan-activity;sid:83112528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eib"; depth:4; endswith; nocase; http.host; content:"biditarim.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249429/; classtype:trojan-activity;sid:83112529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/qeuataie"; depth:14; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249430/; classtype:trojan-activity;sid:83112530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic/aetasil"; depth:11; endswith; nocase; http.host; content:"juqts.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249431/; classtype:trojan-activity;sid:83112531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li/ecapbldsxeoi"; depth:16; endswith; nocase; http.host; content:"dogrukalipplastik.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249432/; classtype:trojan-activity;sid:83112532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naot/nfugiit"; depth:13; endswith; nocase; http.host; content:"cpziu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249433/; classtype:trojan-activity;sid:83112533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rir/eqdrlamuomisuqo"; depth:20; endswith; nocase; http.host; content:"iymuy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249434/; classtype:trojan-activity;sid:83112534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/uagfsoimn"; depth:14; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249435/; classtype:trojan-activity;sid:83112535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/eruita"; depth:10; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249436/; classtype:trojan-activity;sid:83112536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/euipmsam"; depth:12; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249437/; classtype:trojan-activity;sid:83112537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rdns/touitecccaa"; depth:17; endswith; nocase; http.host; content:"brucewagner.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249424/; classtype:trojan-activity;sid:83112524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc/rorotep"; depth:11; endswith; nocase; http.host; content:"bestechscogurgaon.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249425/; classtype:trojan-activity;sid:83112525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uam/otveletmlavup"; depth:18; endswith; nocase; http.host; content:"frmxm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249426/; classtype:trojan-activity;sid:83112526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fl/seocaatclaciai"; depth:18; endswith; nocase; http.host; content:"apachi.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249427/; classtype:trojan-activity;sid:83112527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/oaemirtsu"; depth:13; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249419/; classtype:trojan-activity;sid:83112519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otau/iacnmsetpeu"; depth:17; endswith; nocase; http.host; content:"isknm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249420/; classtype:trojan-activity;sid:83112520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/iosmiuitdsiafsggn"; depth:21; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249421/; classtype:trojan-activity;sid:83112521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocii/rrrreopssieumae"; depth:21; endswith; nocase; http.host; content:"ipngm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249422/; classtype:trojan-activity;sid:83112522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sel/ilfsadtaciic"; depth:17; endswith; nocase; http.host; content:"castilloyasociados.mx"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249423/; classtype:trojan-activity;sid:83112523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as/aulessptovt"; depth:15; endswith; nocase; http.host; content:"groupazanero.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249414/; classtype:trojan-activity;sid:83112514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pri/reldeosod"; depth:14; endswith; nocase; http.host; content:"bencohospitex.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249415/; classtype:trojan-activity;sid:83112515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuam/eneirepteohrdnnr"; depth:22; endswith; nocase; http.host; content:"duh.sx"; depth:6; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249416/; classtype:trojan-activity;sid:83112516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/du/aateutbe"; depth:12; endswith; nocase; http.host; content:"kiekx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249417/; classtype:trojan-activity;sid:83112517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/du/upttcisuis"; depth:14; endswith; nocase; http.host; content:"kiekx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249418/; classtype:trojan-activity;sid:83112518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/nssicetinmoun"; depth:19; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249413/; classtype:trojan-activity;sid:83112513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/euaqits"; depth:13; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249408/; classtype:trojan-activity;sid:83112508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/oremqoeeuurdlrm"; depth:21; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249409/; classtype:trojan-activity;sid:83112509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/otepaecilxb"; depth:15; endswith; nocase; http.host; content:"axfac.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249410/; classtype:trojan-activity;sid:83112510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocii/alantpecemo"; depth:17; endswith; nocase; http.host; content:"ipngm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249411/; classtype:trojan-activity;sid:83112511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/uanatumucscqii"; depth:18; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249412/; classtype:trojan-activity;sid:83112512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/qmuineucosm"; depth:15; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249406/; classtype:trojan-activity;sid:83112506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeta/veguofar"; depth:14; endswith; nocase; http.host; content:"cavle.hr"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249407/; classtype:trojan-activity;sid:83112507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/rorurericptmu"; depth:17; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249403/; classtype:trojan-activity;sid:83112503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/omqrhuua"; depth:14; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249404/; classtype:trojan-activity;sid:83112504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/eluutcpmqaosvu"; depth:18; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249405/; classtype:trojan-activity;sid:83112505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ite/tcaodmomroimep"; depth:19; endswith; nocase; http.host; content:"iuvhb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249401/; classtype:trojan-activity;sid:83112501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/me"; depth:3; endswith; nocase; http.host; content:"diocesiat.it"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249402/; classtype:trojan-activity;sid:83112502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/dseseneu"; depth:14; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249397/; classtype:trojan-activity;sid:83112497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uise/trvoteaomasapbiumoll"; depth:26; endswith; nocase; http.host; content:"hchxs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249398/; classtype:trojan-activity;sid:83112498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/gismmtsaiussinccnauodi"; depth:26; endswith; nocase; http.host; content:"ifyzt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249399/; classtype:trojan-activity;sid:83112499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiic/tsesde"; depth:12; endswith; nocase; http.host; content:"fxtradeoption24.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249400/; classtype:trojan-activity;sid:83112500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro"; depth:3; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249389/; classtype:trojan-activity;sid:83112489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/oidsmctitttnoai"; depth:19; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249390/; classtype:trojan-activity;sid:83112490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/curemquuasnotqa"; depth:19; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249391/; classtype:trojan-activity;sid:83112491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sel/sdsigeintisoms"; depth:19; endswith; nocase; http.host; content:"castilloyasociados.mx"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249392/; classtype:trojan-activity;sid:83112492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecir/irumipsnamae"; depth:18; endswith; nocase; http.host; content:"dxbnewlaunch.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249393/; classtype:trojan-activity;sid:83112493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iin/oeorcohademtriltc"; depth:22; endswith; nocase; http.host; content:"cnnnewsnigeria.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249394/; classtype:trojan-activity;sid:83112494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/est/simneirtoaoare"; depth:19; endswith; nocase; http.host; content:"filibeli.com.bd"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249395/; classtype:trojan-activity;sid:83112495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tete/banno"; depth:11; endswith; nocase; http.host; content:"internifi.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249396/; classtype:trojan-activity;sid:83112496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuam/ourpetmiro"; depth:16; endswith; nocase; http.host; content:"duh.sx"; depth:6; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249386/; classtype:trojan-activity;sid:83112486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rip/tpolsraeovletbau"; depth:21; endswith; nocase; http.host; content:"decorbazaar.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249387/; classtype:trojan-activity;sid:83112487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/aairummsep"; depth:16; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249388/; classtype:trojan-activity;sid:83112488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/trnnoimieeidscxeceeatiir"; depth:30; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249382/; classtype:trojan-activity;sid:83112482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iiic/oeilusml"; depth:14; endswith; nocase; http.host; content:"fxtradeoption24.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249383/; classtype:trojan-activity;sid:83112483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhii/enmgdnauma"; depth:16; endswith; nocase; http.host; content:"dstech.com.sa"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249384/; classtype:trojan-activity;sid:83112484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rio/oispvnumuastl"; depth:18; endswith; nocase; http.host; content:"expoart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249385/; classtype:trojan-activity;sid:83112485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eib/usedecsdlte"; depth:16; endswith; nocase; http.host; content:"biditarim.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249377/; classtype:trojan-activity;sid:83112477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/ausduotnel"; depth:14; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249378/; classtype:trojan-activity;sid:83112478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/lldiueliamgen"; depth:17; endswith; nocase; http.host; content:"eyirs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249379/; classtype:trojan-activity;sid:83112479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/namdimise"; depth:15; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249380/; classtype:trojan-activity;sid:83112480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rot/aitmunmsni"; depth:15; endswith; nocase; http.host; content:"bidifarm.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249381/; classtype:trojan-activity;sid:83112481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsi/ouumlqoeetard"; depth:18; endswith; nocase; http.host; content:"cixjd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249376/; classtype:trojan-activity;sid:83112476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsi/tiifsiuofc"; depth:15; endswith; nocase; http.host; content:"cixjd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249371/; classtype:trojan-activity;sid:83112471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/mtaltveptueo"; depth:16; endswith; nocase; http.host; content:"gcpgp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249372/; classtype:trojan-activity;sid:83112472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utet/tenroasuv"; depth:15; endswith; nocase; http.host; content:"cwnuf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249373/; classtype:trojan-activity;sid:83112473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vm/aruhtme"; depth:11; endswith; nocase; http.host; content:"jawqm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249374/; classtype:trojan-activity;sid:83112474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/utfagtaiu"; depth:13; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249375/; classtype:trojan-activity;sid:83112475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utet/luauudmqinita"; depth:19; endswith; nocase; http.host; content:"cwnuf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249370/; classtype:trojan-activity;sid:83112470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/mumeuspi"; depth:14; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249367/; classtype:trojan-activity;sid:83112467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udir/samoicocatcraeei"; depth:22; endswith; nocase; http.host; content:"bhbxa.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249368/; classtype:trojan-activity;sid:83112468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/riedealxmmomo"; depth:18; endswith; nocase; http.host; content:"apachisoftwaresolutions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249369/; classtype:trojan-activity;sid:83112469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuo/etpdouenerm"; depth:16; endswith; nocase; http.host; content:"hturgut.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249364/; classtype:trojan-activity;sid:83112464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cts/auqllmamu"; depth:14; endswith; nocase; http.host; content:"innovative23.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249365/; classtype:trojan-activity;sid:83112465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alb/iieaxqutdep"; depth:16; endswith; nocase; http.host; content:"infisystems.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249366/; classtype:trojan-activity;sid:83112466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/oeetvr"; depth:10; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249362/; classtype:trojan-activity;sid:83112462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ood/uqcpiisourrt"; depth:17; endswith; nocase; http.host; content:"araceliescobarchavez.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249363/; classtype:trojan-activity;sid:83112463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh/uqnoltrdoesceunoru"; depth:22; endswith; nocase; http.host; content:"invitoproperty.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249357/; classtype:trojan-activity;sid:83112457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cts/rsrutumenaaerpa"; depth:20; endswith; nocase; http.host; content:"innovative23.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249358/; classtype:trojan-activity;sid:83112458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rip/smutusdnici"; depth:16; endswith; nocase; http.host; content:"decorbazaar.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249359/; classtype:trojan-activity;sid:83112459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/ufteisgt"; depth:13; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249360/; classtype:trojan-activity;sid:83112460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/eiuouptavmatvlt"; depth:20; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249361/; classtype:trojan-activity;sid:83112461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/upmais"; depth:10; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249354/; classtype:trojan-activity;sid:83112454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/bnlldetisiviait"; depth:21; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249355/; classtype:trojan-activity;sid:83112455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ernd/quetucme"; depth:14; endswith; nocase; http.host; content:"canberracomms.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249356/; classtype:trojan-activity;sid:83112456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stt/cuosestldee"; depth:16; endswith; nocase; http.host; content:"ctrs.fr"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249351/; classtype:trojan-activity;sid:83112451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/eutiaicdqs"; depth:14; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249352/; classtype:trojan-activity;sid:83112452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/mpevoiuletaitmn"; depth:21; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249353/; classtype:trojan-activity;sid:83112453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umc/sbtrmopeietu"; depth:17; endswith; nocase; http.host; content:"imtwebinar.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249340/; classtype:trojan-activity;sid:83112440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/leuietplrucnxa"; depth:19; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249341/; classtype:trojan-activity;sid:83112441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rio/llilaosia"; depth:14; endswith; nocase; http.host; content:"expoart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249342/; classtype:trojan-activity;sid:83112442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/asiodbteotsscneuii"; depth:24; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249343/; classtype:trojan-activity;sid:83112443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re/nusqmiuo"; depth:12; endswith; nocase; http.host; content:"coulylabadiogoul.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249344/; classtype:trojan-activity;sid:83112444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/rpestnidvnuto"; depth:19; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249345/; classtype:trojan-activity;sid:83112445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic/tiists"; depth:10; endswith; nocase; http.host; content:"juqts.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249346/; classtype:trojan-activity;sid:83112446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/eubmerrorustimp"; depth:20; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249347/; classtype:trojan-activity;sid:83112447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo/tleeaomudor"; depth:15; endswith; nocase; http.host; content:"axuon.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249348/; classtype:trojan-activity;sid:83112448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/ltpaceaqsui"; depth:17; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249349/; classtype:trojan-activity;sid:83112449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/luiroqmededo"; depth:16; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249350/; classtype:trojan-activity;sid:83112450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/tiseuq"; depth:10; endswith; nocase; http.host; content:"goayurvedaindia.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249336/; classtype:trojan-activity;sid:83112436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/odorsoesel"; depth:16; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249337/; classtype:trojan-activity;sid:83112437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/nsuqiii"; depth:13; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249338/; classtype:trojan-activity;sid:83112438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/omanigmsin"; depth:14; endswith; nocase; http.host; content:"gcpgp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249339/; classtype:trojan-activity;sid:83112439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuam/inemte"; depth:12; endswith; nocase; http.host; content:"duh.sx"; depth:6; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249334/; classtype:trojan-activity;sid:83112434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic/lliumatu"; depth:12; endswith; nocase; http.host; content:"juqts.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249335/; classtype:trojan-activity;sid:83112435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea/iqluloos"; depth:12; endswith; nocase; http.host; content:"bw.gl"; depth:5; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249330/; classtype:trojan-activity;sid:83112430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/emlcodmtvioi"; depth:18; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249331/; classtype:trojan-activity;sid:83112431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nul"; depth:4; endswith; nocase; http.host; content:"guipc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249332/; classtype:trojan-activity;sid:83112432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeta"; depth:5; endswith; nocase; http.host; content:"cavle.hr"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249333/; classtype:trojan-activity;sid:83112433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/preiaatmviel"; depth:18; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249325/; classtype:trojan-activity;sid:83112425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eib/ggmaainuamtf"; depth:17; endswith; nocase; http.host; content:"biditarim.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249326/; classtype:trojan-activity;sid:83112426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/abtluvoisteptu"; depth:20; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249327/; classtype:trojan-activity;sid:83112427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suq/oiqrmsaiue"; depth:15; endswith; nocase; http.host; content:"jrzxy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249328/; classtype:trojan-activity;sid:83112428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/inigedauadeesnslm"; depth:22; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249329/; classtype:trojan-activity;sid:83112429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sel/iaeslsiematop"; depth:18; endswith; nocase; http.host; content:"castilloyasociados.mx"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249323/; classtype:trojan-activity;sid:83112423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rp/lriagfaoamobutis"; depth:20; endswith; nocase; http.host; content:"evropski-projekti.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249324/; classtype:trojan-activity;sid:83112424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ernd/itetvvneeile"; depth:18; endswith; nocase; http.host; content:"canberracomms.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249320/; classtype:trojan-activity;sid:83112420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uise/retme"; depth:11; endswith; nocase; http.host; content:"hchxs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249321/; classtype:trojan-activity;sid:83112421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsi/ulsoetast"; depth:14; endswith; nocase; http.host; content:"cixjd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249322/; classtype:trojan-activity;sid:83112422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naot/ipleaavteact"; depth:18; endswith; nocase; http.host; content:"cpziu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249311/; classtype:trojan-activity;sid:83112411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/ouoltadr"; depth:14; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249312/; classtype:trojan-activity;sid:83112412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uam/oataoitcnthreecir"; depth:22; endswith; nocase; http.host; content:"frmxm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249313/; classtype:trojan-activity;sid:83112413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuam/oqinu"; depth:11; endswith; nocase; http.host; content:"duh.sx"; depth:6; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249314/; classtype:trojan-activity;sid:83112414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/imtiofssupgus"; depth:18; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249315/; classtype:trojan-activity;sid:83112415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsi/bdamieitp"; depth:14; endswith; nocase; http.host; content:"cixjd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249316/; classtype:trojan-activity;sid:83112416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuam/iaoqdtisu"; depth:15; endswith; nocase; http.host; content:"duh.sx"; depth:6; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249317/; classtype:trojan-activity;sid:83112417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/sinetums"; depth:14; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249318/; classtype:trojan-activity;sid:83112418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocii/atditectepiu"; depth:18; endswith; nocase; http.host; content:"ipngm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249319/; classtype:trojan-activity;sid:83112419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/ptesooerbumrintai"; depth:21; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249306/; classtype:trojan-activity;sid:83112406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh/iuadisliquq"; depth:15; endswith; nocase; http.host; content:"invitoproperty.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249307/; classtype:trojan-activity;sid:83112407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/sattviee"; depth:12; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249308/; classtype:trojan-activity;sid:83112408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ett/osaminibsp"; depth:15; endswith; nocase; http.host; content:"ciaorides.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249309/; classtype:trojan-activity;sid:83112409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea/deireteersbdiphietrn"; depth:24; endswith; nocase; http.host; content:"hvntech.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249310/; classtype:trojan-activity;sid:83112410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeta/ometnu"; depth:12; endswith; nocase; http.host; content:"cavle.hr"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249289/; classtype:trojan-activity;sid:83112389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/uiqte"; depth:10; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249290/; classtype:trojan-activity;sid:83112390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/saasumculndpea"; depth:20; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249291/; classtype:trojan-activity;sid:83112391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/iosltolebtviaurubp"; depth:23; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249292/; classtype:trojan-activity;sid:83112392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuo/oelcssdearnetismaau"; depth:24; endswith; nocase; http.host; content:"hturgut.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249293/; classtype:trojan-activity;sid:83112393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuam/lndbsioroo"; depth:16; endswith; nocase; http.host; content:"duh.sx"; depth:6; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249294/; classtype:trojan-activity;sid:83112394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea/iiuiimlidaqeslqu"; depth:20; endswith; nocase; http.host; content:"bw.gl"; depth:5; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249295/; classtype:trojan-activity;sid:83112395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uq/smersadelenldpseaunu"; depth:24; endswith; nocase; http.host; content:"californax.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249296/; classtype:trojan-activity;sid:83112396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oll/luiomotmoadmtupvc"; depth:22; endswith; nocase; http.host; content:"emprendedorimbatible.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249297/; classtype:trojan-activity;sid:83112397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ite/mndeiuaraatudpee"; depth:21; endswith; nocase; http.host; content:"iuvhb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249298/; classtype:trojan-activity;sid:83112398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iris/ipiiccdihas"; depth:17; endswith; nocase; http.host; content:"dpjlg.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249299/; classtype:trojan-activity;sid:83112399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocii/pnuquertaraasi"; depth:20; endswith; nocase; http.host; content:"ipngm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249300/; classtype:trojan-activity;sid:83112400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo/loeptvumttua"; depth:16; endswith; nocase; http.host; content:"axuon.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249301/; classtype:trojan-activity;sid:83112401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/qiohcu"; depth:12; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249302/; classtype:trojan-activity;sid:83112402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea/uatieoseq"; depth:13; endswith; nocase; http.host; content:"hvntech.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249303/; classtype:trojan-activity;sid:83112403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecir/ldrfiaecoofio"; depth:19; endswith; nocase; http.host; content:"dxbnewlaunch.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249304/; classtype:trojan-activity;sid:83112404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/itduaelqi"; depth:13; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249305/; classtype:trojan-activity;sid:83112405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utet/adid"; depth:10; endswith; nocase; http.host; content:"cwnuf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249286/; classtype:trojan-activity;sid:83112386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsi/ealpctu"; depth:12; endswith; nocase; http.host; content:"cixjd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249287/; classtype:trojan-activity;sid:83112387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rot/neiqsouma"; depth:14; endswith; nocase; http.host; content:"bidifarm.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249288/; classtype:trojan-activity;sid:83112388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otau/lessodtroi"; depth:16; endswith; nocase; http.host; content:"isknm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249284/; classtype:trojan-activity;sid:83112384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/sitibsoscpuni"; depth:17; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249285/; classtype:trojan-activity;sid:83112385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/trvniaeeodp"; depth:17; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249278/; classtype:trojan-activity;sid:83112378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nul/nmtesiia"; depth:13; endswith; nocase; http.host; content:"guipc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249279/; classtype:trojan-activity;sid:83112379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/utseiq"; depth:10; endswith; nocase; http.host; content:"axfac.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249280/; classtype:trojan-activity;sid:83112380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/retuepllta"; depth:14; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249281/; classtype:trojan-activity;sid:83112381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/lmseitauulimerpn"; depth:20; endswith; nocase; http.host; content:"axfac.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249282/; classtype:trojan-activity;sid:83112382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm/ueaomvspqtlotu"; depth:18; endswith; nocase; http.host; content:"grupogolfo.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249283/; classtype:trojan-activity;sid:83112383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/drleosoet"; depth:14; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249276/; classtype:trojan-activity;sid:83112376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/mtuislaeoiser"; depth:19; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249277/; classtype:trojan-activity;sid:83112377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/psueaate"; depth:12; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249269/; classtype:trojan-activity;sid:83112369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eib/tuemeontlpvia"; depth:18; endswith; nocase; http.host; content:"biditarim.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249270/; classtype:trojan-activity;sid:83112370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eib/rltehpdmorreodrieene"; depth:25; endswith; nocase; http.host; content:"biditarim.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249271/; classtype:trojan-activity;sid:83112371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiq/tainseutq"; depth:14; endswith; nocase; http.host; content:"bnrhr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249272/; classtype:trojan-activity;sid:83112372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eul/etuuteosccnrt"; depth:18; endswith; nocase; http.host; content:"fesuw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249273/; classtype:trojan-activity;sid:83112373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in"; depth:3; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249274/; classtype:trojan-activity;sid:83112374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/urqscatcuhenio"; depth:20; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249275/; classtype:trojan-activity;sid:83112375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/enima"; depth:11; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249268/; classtype:trojan-activity;sid:83112368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qer/ismputu"; depth:12; endswith; nocase; http.host; content:"advanzogroup.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249266/; classtype:trojan-activity;sid:83112366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qer/easnstbiusiceuntst"; depth:23; endswith; nocase; http.host; content:"advanzogroup.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249267/; classtype:trojan-activity;sid:83112367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/rucemlquosoed"; depth:17; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249265/; classtype:trojan-activity;sid:83112365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/toronisld"; depth:13; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249264/; classtype:trojan-activity;sid:83112364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/uiuaqt"; depth:10; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249262/; classtype:trojan-activity;sid:83112362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtuu/teoes"; depth:11; endswith; nocase; http.host; content:"afrozaway.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249263/; classtype:trojan-activity;sid:83112363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/timdoocmpmiied"; depth:18; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249261/; classtype:trojan-activity;sid:83112361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vutm/antotopepesii"; depth:19; endswith; nocase; http.host; content:"aliteswitch.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249259/; classtype:trojan-activity;sid:83112359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vutm/eqtuumisnia"; depth:17; endswith; nocase; http.host; content:"aliteswitch.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249260/; classtype:trojan-activity;sid:83112360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qer/medui"; depth:10; endswith; nocase; http.host; content:"advanzogroup.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249258/; classtype:trojan-activity;sid:83112358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau/scoiamnutiidqt"; depth:19; endswith; nocase; http.host; content:"akscon.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249256/; classtype:trojan-activity;sid:83112356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quia/smidtunsiebi"; depth:18; endswith; nocase; http.host; content:"adelineairplant.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249257/; classtype:trojan-activity;sid:83112357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quia/rosumsprmebeiiato"; depth:23; endswith; nocase; http.host; content:"adelineairplant.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249250/; classtype:trojan-activity;sid:83112350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quia/fagnimsuuti"; depth:17; endswith; nocase; http.host; content:"adelineairplant.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249251/; classtype:trojan-activity;sid:83112351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtuu/txrpmoeee"; depth:15; endswith; nocase; http.host; content:"afrozaway.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249252/; classtype:trojan-activity;sid:83112352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quia/ntdsuibilsiaei"; depth:20; endswith; nocase; http.host; content:"adelineairplant.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249253/; classtype:trojan-activity;sid:83112353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/antelidgei"; depth:14; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249254/; classtype:trojan-activity;sid:83112354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtuu/oemmnnei"; depth:14; endswith; nocase; http.host; content:"afrozaway.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249255/; classtype:trojan-activity;sid:83112355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quia"; depth:5; endswith; nocase; http.host; content:"adelineairplant.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249247/; classtype:trojan-activity;sid:83112347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vutm"; depth:5; endswith; nocase; http.host; content:"aliteswitch.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249248/; classtype:trojan-activity;sid:83112348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oa/edcaslisif"; depth:14; endswith; nocase; http.host; content:"afrishopr.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249249/; classtype:trojan-activity;sid:83112349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.113.23.192"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249246/; classtype:trojan-activity;sid:83112346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma/fdlaunchera.exe"; depth:19; endswith; nocase; http.host; content:"103.98.160.175"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249245/; classtype:trojan-activity;sid:83112345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.118.19"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249244/; classtype:trojan-activity;sid:83112344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.221.179.202"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249243/; classtype:trojan-activity;sid:83112343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.99.173"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249241/; classtype:trojan-activity;sid:83112341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.60.82.163"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249242/; classtype:trojan-activity;sid:83112342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.68.101.165"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249239/; classtype:trojan-activity;sid:83112339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.14.122.108"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249240/; classtype:trojan-activity;sid:83112340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.130.203.133"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249238/; classtype:trojan-activity;sid:83112338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.4.199.85"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249237/; classtype:trojan-activity;sid:83112337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-down/fodhelper.exe"; depth:22; endswith; nocase; http.host; content:"jrfurnace.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249236/; classtype:trojan-activity;sid:83112336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh/x86"; depth:8; endswith; nocase; http.host; content:"2.58.149.116"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249235/; classtype:trojan-activity;sid:83112335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"105.255.187.39"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249234/; classtype:trojan-activity;sid:83112334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.187.210.206"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249233/; classtype:trojan-activity;sid:83112333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pixel.png"; depth:10; endswith; nocase; http.host; content:"f9e8096d.step.ifsguy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249232/; classtype:trojan-activity;sid:83112332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.41.24.92"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249231/; classtype:trojan-activity;sid:83112331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.62.223.108"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249230/; classtype:trojan-activity;sid:83112330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-down/mmgaserver.exe"; depth:23; endswith; nocase; http.host; content:"jrfurnace.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249229/; classtype:trojan-activity;sid:83112329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-down/setspn.exe"; depth:19; endswith; nocase; http.host; content:"jrfurnace.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249228/; classtype:trojan-activity;sid:83112328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.145.228.149"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249227/; classtype:trojan-activity;sid:83112327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.239.138.137"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249226/; classtype:trojan-activity;sid:83112326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.83.152.51"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249225/; classtype:trojan-activity;sid:83112325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.212.116.126"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249224/; classtype:trojan-activity;sid:83112324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.85.251.5"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249223/; classtype:trojan-activity;sid:83112323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.63.67.205"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249222/; classtype:trojan-activity;sid:83112322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.69.247.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249221/; classtype:trojan-activity;sid:83112321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.135.173.101"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249220/; classtype:trojan-activity;sid:83112320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.25.205.173"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249219/; classtype:trojan-activity;sid:83112319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.201.99.224"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249218/; classtype:trojan-activity;sid:83112318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"50.41.85.96"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249217/; classtype:trojan-activity;sid:83112317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.11.29"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249216/; classtype:trojan-activity;sid:83112316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.204.214.25"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249214/; classtype:trojan-activity;sid:83112314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.82.221"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_25; reference:url, urlhaus.abuse.ch/url/2249215/; classtype:trojan-activity;sid:83112315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.227.223.22"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249213/; classtype:trojan-activity;sid:83112313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.239.170.120"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249212/; classtype:trojan-activity;sid:83112312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.174.183.209"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249211/; classtype:trojan-activity;sid:83112311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.38.193.70"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249210/; classtype:trojan-activity;sid:83112310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.118.183.239"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249209/; classtype:trojan-activity;sid:83112309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.57.24"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249208/; classtype:trojan-activity;sid:83112308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.30.174.182"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249207/; classtype:trojan-activity;sid:83112307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/om5jk93.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249206/; classtype:trojan-activity;sid:83112306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"68.207.212.93"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249205/; classtype:trojan-activity;sid:83112305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/i3xw6ge.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249200/; classtype:trojan-activity;sid:83112300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/5gauus2.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249201/; classtype:trojan-activity;sid:83112301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/at4vgkr.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249202/; classtype:trojan-activity;sid:83112302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/xjwt2vc.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249203/; classtype:trojan-activity;sid:83112303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/9bogkza.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249204/; classtype:trojan-activity;sid:83112304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/euwj8iq.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249195/; classtype:trojan-activity;sid:83112295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/dazzling-tiger-354110.appspot.com/o/tazrive5z0%2fdocument.zip|3f|alt=media|7c|26|7c|token=a27a8b62-e3f5-46ca-b873-b592211e3dbc"; depth:132; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249196/; classtype:trojan-activity;sid:83112296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/2dwbjxm.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249197/; classtype:trojan-activity;sid:83112297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/fk4ll34.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249198/; classtype:trojan-activity;sid:83112298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/vw1aps4.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249199/; classtype:trojan-activity;sid:83112299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/qh3dej8.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249158/; classtype:trojan-activity;sid:83112258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/kmg75sb.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249159/; classtype:trojan-activity;sid:83112259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/rs7hwln.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249160/; classtype:trojan-activity;sid:83112260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/du0qcnj.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249161/; classtype:trojan-activity;sid:83112261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/fzdt92j.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249162/; classtype:trojan-activity;sid:83112262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/52noi8l.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249163/; classtype:trojan-activity;sid:83112263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/5xzigdx.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249164/; classtype:trojan-activity;sid:83112264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/rul916e.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249165/; classtype:trojan-activity;sid:83112265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/wy1qigh.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249166/; classtype:trojan-activity;sid:83112266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/n47zhsx.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249167/; classtype:trojan-activity;sid:83112267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/5wt5xb4.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249168/; classtype:trojan-activity;sid:83112268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/pv7qbj2.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249169/; classtype:trojan-activity;sid:83112269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/3facwou.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249170/; classtype:trojan-activity;sid:83112270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/fn51wwk.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249171/; classtype:trojan-activity;sid:83112271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/q1hh2kg.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249172/; classtype:trojan-activity;sid:83112272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/73pmcjz.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249173/; classtype:trojan-activity;sid:83112273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/5cifznt.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249174/; classtype:trojan-activity;sid:83112274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/ywmq52x.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249175/; classtype:trojan-activity;sid:83112275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/9sy4vku.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249176/; classtype:trojan-activity;sid:83112276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/lmoe4g4.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249177/; classtype:trojan-activity;sid:83112277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/ay3hgmq.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249178/; classtype:trojan-activity;sid:83112278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/fj3rtmf.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249179/; classtype:trojan-activity;sid:83112279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/1dxloji.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249180/; classtype:trojan-activity;sid:83112280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/toir1e7.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249181/; classtype:trojan-activity;sid:83112281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/fs8cmji.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249182/; classtype:trojan-activity;sid:83112282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/0xvxe1j.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249183/; classtype:trojan-activity;sid:83112283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/npvd7wv.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249184/; classtype:trojan-activity;sid:83112284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/ry0afxr.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249185/; classtype:trojan-activity;sid:83112285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/4lnajnu.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249186/; classtype:trojan-activity;sid:83112286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/it3aeem.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249187/; classtype:trojan-activity;sid:83112287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/l70vmer.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249188/; classtype:trojan-activity;sid:83112288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/3nhyhbs.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249189/; classtype:trojan-activity;sid:83112289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/or1wwac.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249190/; classtype:trojan-activity;sid:83112290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/wl7bnke.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249191/; classtype:trojan-activity;sid:83112291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/3nqsmsg.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249192/; classtype:trojan-activity;sid:83112292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/iqaq3t8.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249193/; classtype:trojan-activity;sid:83112293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs86sgdl.appspot.com/o/11q8ji3.htm"; depth:35; endswith; nocase; http.host; content:"storage.googleapis.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249194/; classtype:trojan-activity;sid:83112294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"86.101.171.151"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249157/; classtype:trojan-activity;sid:83112257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.223.168.202"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249156/; classtype:trojan-activity;sid:83112256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.123.12.67"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249155/; classtype:trojan-activity;sid:83112255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"112.104.64.90"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249154/; classtype:trojan-activity;sid:83112254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.26.210.157"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249153/; classtype:trojan-activity;sid:83112253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.181.56.34"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249152/; classtype:trojan-activity;sid:83112252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.30.234.103"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249150/; classtype:trojan-activity;sid:83112250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.82.17"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249151/; classtype:trojan-activity;sid:83112251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.98.26.35"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249149/; classtype:trojan-activity;sid:83112249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"112.31.76.169"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249148/; classtype:trojan-activity;sid:83112248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.13.36.121"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249147/; classtype:trojan-activity;sid:83112247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.241.4.161"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249146/; classtype:trojan-activity;sid:83112246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.71.214.150"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249145/; classtype:trojan-activity;sid:83112245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"211.185.103.61"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249144/; classtype:trojan-activity;sid:83112244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.qbotnet"; depth:16; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249138/; classtype:trojan-activity;sid:83112238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.qbotnet"; depth:16; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249139/; classtype:trojan-activity;sid:83112239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.qbotnet"; depth:15; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249140/; classtype:trojan-activity;sid:83112240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.qbotnet"; depth:15; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249141/; classtype:trojan-activity;sid:83112241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.qbotnet"; depth:16; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249142/; classtype:trojan-activity;sid:83112242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.qbotnet"; depth:15; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249143/; classtype:trojan-activity;sid:83112243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.137.6.124"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249137/; classtype:trojan-activity;sid:83112237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"95.87.76.146"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249136/; classtype:trojan-activity;sid:83112236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.139.202.56"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249135/; classtype:trojan-activity;sid:83112235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"222.114.104.147"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249134/; classtype:trojan-activity;sid:83112234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mress.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249130/; classtype:trojan-activity;sid:83112230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hpqzz.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249131/; classtype:trojan-activity;sid:83112231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebmen.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249132/; classtype:trojan-activity;sid:83112232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcjrf.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249133/; classtype:trojan-activity;sid:83112233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dezhq.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249125/; classtype:trojan-activity;sid:83112225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpbwb.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249126/; classtype:trojan-activity;sid:83112226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zdnrj.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249127/; classtype:trojan-activity;sid:83112227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jrsgr.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249128/; classtype:trojan-activity;sid:83112228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dkdsk.exe"; depth:10; endswith; nocase; http.host; content:"srv87291324.ultasrv.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249129/; classtype:trojan-activity;sid:83112229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"61.223.116.183"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249124/; classtype:trojan-activity;sid:83112224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.53.129.194"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249123/; classtype:trojan-activity;sid:83112223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qbotnet.sh"; depth:11; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249122/; classtype:trojan-activity;sid:83112222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.qbotnet"; depth:16; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249117/; classtype:trojan-activity;sid:83112217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.qbotnet"; depth:16; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249118/; classtype:trojan-activity;sid:83112218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.qbotnet"; depth:16; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249119/; classtype:trojan-activity;sid:83112219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.qbotnet"; depth:16; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249120/; classtype:trojan-activity;sid:83112220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.qbotnet"; depth:15; endswith; nocase; http.host; content:"45.90.161.134"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249121/; classtype:trojan-activity;sid:83112221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.187.249.212"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249116/; classtype:trojan-activity;sid:83112216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.222.197.207"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249115/; classtype:trojan-activity;sid:83112215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.22.8"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249114/; classtype:trojan-activity;sid:83112214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.72.181.107"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249113/; classtype:trojan-activity;sid:83112213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.103.147.33"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249112/; classtype:trojan-activity;sid:83112212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"87.4.27.191"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249111/; classtype:trojan-activity;sid:83112211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70/vbc.exe"; depth:11; endswith; nocase; http.host; content:"104.168.32.43"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249110/; classtype:trojan-activity;sid:83112210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.170.253.46"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249109/; classtype:trojan-activity;sid:83112209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l/llo.exe"; depth:10; endswith; nocase; http.host; content:"107.172.76.188"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249108/; classtype:trojan-activity;sid:83112208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.79.190.90"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249107/; classtype:trojan-activity;sid:83112207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.34.158.213"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249106/; classtype:trojan-activity;sid:83112206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.34.185.8"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249105/; classtype:trojan-activity;sid:83112205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.29.19"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249104/; classtype:trojan-activity;sid:83112204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.52.218.204"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249103/; classtype:trojan-activity;sid:83112203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.110.51.140"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249102/; classtype:trojan-activity;sid:83112202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.183.84.43"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249101/; classtype:trojan-activity;sid:83112201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sysadmin.exe"; depth:19; endswith; nocase; http.host; content:"infinite-stars.net"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249100/; classtype:trojan-activity;sid:83112200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/dkwalkvw"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249098/; classtype:trojan-activity;sid:83112198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/b37gsanv"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249099/; classtype:trojan-activity;sid:83112199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.11.143.245"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249097/; classtype:trojan-activity;sid:83112197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quote_cyilzymp.bmp"; depth:19; endswith; nocase; http.host; content:"192.3.245.147"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249096/; classtype:trojan-activity;sid:83112196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"144.178.132.239"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249094/; classtype:trojan-activity;sid:83112194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.133.59.51"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249095/; classtype:trojan-activity;sid:83112195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.27.225.75"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249093/; classtype:trojan-activity;sid:83112193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.18.218.214"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249092/; classtype:trojan-activity;sid:83112192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/governorzx.exe"; depth:15; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249091/; classtype:trojan-activity;sid:83112191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.235.55.211"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249090/; classtype:trojan-activity;sid:83112190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.172.173.39"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249089/; classtype:trojan-activity;sid:83112189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gevaldigere.exe"; depth:16; endswith; nocase; http.host; content:"185.102.170.122"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249087/; classtype:trojan-activity;sid:83112187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ferlers.exe"; depth:12; endswith; nocase; http.host; content:"tryweaswweee.ydns.eu"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249088/; classtype:trojan-activity;sid:83112188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.178.79.198"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249086/; classtype:trojan-activity;sid:83112186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.121.120.240"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249085/; classtype:trojan-activity;sid:83112185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.69.238.48"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249084/; classtype:trojan-activity;sid:83112184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/180272.dat"; depth:11; endswith; nocase; http.host; content:"185.82.126.45"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249083/; classtype:trojan-activity;sid:83112183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y/loy.exe"; depth:10; endswith; nocase; http.host; content:"107.172.76.188"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249082/; classtype:trojan-activity;sid:83112182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.172.54.7"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249081/; classtype:trojan-activity;sid:83112181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"147.235.229.60"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249080/; classtype:trojan-activity;sid:83112180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"60.12.1.243"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249079/; classtype:trojan-activity;sid:83112179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.227.187.182"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249078/; classtype:trojan-activity;sid:83112178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"60.242.154.62"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249077/; classtype:trojan-activity;sid:83112177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/2yl1sjual9/"; depth:20; endswith; nocase; http.host; content:"creativeme.co.th"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249076/; classtype:trojan-activity;sid:83112176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/ocboikcgol/"; depth:23; endswith; nocase; http.host; content:"decorusfinancial.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249075/; classtype:trojan-activity;sid:83112175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blogs/duxtblmdsyyggxedxu2u/"; depth:28; endswith; nocase; http.host; content:"cunicultura.es"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249073/; classtype:trojan-activity;sid:83112173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/efnhprequ6had9/"; depth:23; endswith; nocase; http.host; content:"cpcwiki.de"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249074/; classtype:trojan-activity;sid:83112174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/p96u1upk"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249072/; classtype:trojan-activity;sid:83112172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ett/osaminibsp"; depth:15; endswith; nocase; http.host; content:"ciaorides.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249071/; classtype:trojan-activity;sid:83112171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sensi.sh"; depth:9; endswith; nocase; http.host; content:"209.141.37.15"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249070/; classtype:trojan-activity;sid:83112170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ogqev-22qujt4srjspmbd5kcyzvaw6vz"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249069/; classtype:trojan-activity;sid:83112169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa/nov_yklgz46.bin"; depth:19; endswith; nocase; http.host; content:"autokema.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249068/; classtype:trojan-activity;sid:83112168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat/spefire_rvteku88.bin"; depth:25; endswith; nocase; http.host; content:"sn.thedylanstewart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249067/; classtype:trojan-activity;sid:83112167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin_lhysaq105.bin"; depth:18; endswith; nocase; http.host; content:"192.3.96.120"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249063/; classtype:trojan-activity;sid:83112163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bn/octnew_uonrsyns171.bin"; depth:26; endswith; nocase; http.host; content:"www.barzdigital.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249064/; classtype:trojan-activity;sid:83112164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin_jgstxk158.bin"; depth:18; endswith; nocase; http.host; content:"coffeesupplies.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249065/; classtype:trojan-activity;sid:83112165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=f191ccc6e999117d|7c|26|7c|resid=f191ccc6e999117d%21309|7c|26|7c|authkey=afbrmfxf_ukv-o4"; depth:104; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249066/; classtype:trojan-activity;sid:83112166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bxaue52c"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249062/; classtype:trojan-activity;sid:83112162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iconos/fw3.exe"; depth:15; endswith; nocase; http.host; content:"cienporcienrenovables.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249061/; classtype:trojan-activity;sid:83112161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/331_331/setup331.exe"; depth:21; endswith; nocase; http.host; content:"pshpshololo.click"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249060/; classtype:trojan-activity;sid:83112160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.240.63.57"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249059/; classtype:trojan-activity;sid:83112159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/niceprocessx64.bmp"; depth:28; endswith; nocase; http.host; content:"193.233.185.125"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249058/; classtype:trojan-activity;sid:83112158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecwlv_lukzcstj.png"; depth:19; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249057/; classtype:trojan-activity;sid:83112157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/752113.dat"; depth:11; endswith; nocase; http.host; content:"209.182.225.214"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249056/; classtype:trojan-activity;sid:83112156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/344351.dat"; depth:11; endswith; nocase; http.host; content:"185.244.149.89"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249055/; classtype:trojan-activity;sid:83112155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.253.153.128"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249054/; classtype:trojan-activity;sid:83112154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.251.153"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249053/; classtype:trojan-activity;sid:83112153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.99.179"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249052/; classtype:trojan-activity;sid:83112152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.3.94.60"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249051/; classtype:trojan-activity;sid:83112151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.205.117.38"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249050/; classtype:trojan-activity;sid:83112150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.100.67.64"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249049/; classtype:trojan-activity;sid:83112149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.243.195.0"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249048/; classtype:trojan-activity;sid:83112148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.169.182.181"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249047/; classtype:trojan-activity;sid:83112147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.182.50.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249046/; classtype:trojan-activity;sid:83112146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.213.228.82"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249045/; classtype:trojan-activity;sid:83112145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.47.125.216"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249044/; classtype:trojan-activity;sid:83112144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65/vbc.exe"; depth:11; endswith; nocase; http.host; content:"104.168.32.43"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249043/; classtype:trojan-activity;sid:83112143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"111.221.133.86"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249042/; classtype:trojan-activity;sid:83112142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lvqe/snouidtsmaapeo"; depth:20; endswith; nocase; http.host; content:"supraseg.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249041/; classtype:trojan-activity;sid:83112141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/onseno"; depth:11; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249039/; classtype:trojan-activity;sid:83112139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctpt/povmtattelue"; depth:18; endswith; nocase; http.host; content:"instantreplys.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249040/; classtype:trojan-activity;sid:83112140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/qeusindlimeui"; depth:17; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249038/; classtype:trojan-activity;sid:83112138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/rorurericptmu"; depth:17; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249032/; classtype:trojan-activity;sid:83112132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etu/inloaitismsee"; depth:18; endswith; nocase; http.host; content:"theexperionwesterlies.com"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249033/; classtype:trojan-activity;sid:83112133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/uiuaqt"; depth:10; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249034/; classtype:trojan-activity;sid:83112134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/ette"; depth:9; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249035/; classtype:trojan-activity;sid:83112135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeso/tevel"; depth:11; endswith; nocase; http.host; content:"32ndavenuegurgaon.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249036/; classtype:trojan-activity;sid:83112136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/eruita"; depth:10; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249037/; classtype:trojan-activity;sid:83112137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/oirnumstn"; depth:15; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249031/; classtype:trojan-activity;sid:83112131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rap/itaturtfeisvig"; depth:19; endswith; nocase; http.host; content:"lefiammegemelle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249027/; classtype:trojan-activity;sid:83112127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/ouartve"; depth:11; endswith; nocase; http.host; content:"neutrosophicassociation.org"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249028/; classtype:trojan-activity;sid:83112128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/tdscqniotiiiu"; depth:19; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249029/; classtype:trojan-activity;sid:83112129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen/siuuqleemieqni"; depth:19; endswith; nocase; http.host; content:"npmohadi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249030/; classtype:trojan-activity;sid:83112130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/rseiuuoti"; depth:15; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249016/; classtype:trojan-activity;sid:83112116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/btrlsaeoe"; depth:14; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249017/; classtype:trojan-activity;sid:83112117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/lsroopdmui"; depth:14; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249018/; classtype:trojan-activity;sid:83112118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/uqafigu"; depth:11; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249019/; classtype:trojan-activity;sid:83112119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/su/mateiepasuicdriot"; depth:21; endswith; nocase; http.host; content:"macdefug.org"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249020/; classtype:trojan-activity;sid:83112120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/ecettrluamueoptvipx"; depth:25; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249021/; classtype:trojan-activity;sid:83112121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/mnvcerieimeaniaottxe"; depth:26; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249022/; classtype:trojan-activity;sid:83112122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/mnieimen"; depth:12; endswith; nocase; http.host; content:"neutrosophicassociation.org"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249023/; classtype:trojan-activity;sid:83112123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oat/uunnsceqruetot"; depth:19; endswith; nocase; http.host; content:"lefiammegemelle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249024/; classtype:trojan-activity;sid:83112124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esp/acistncmiunmuea"; depth:20; endswith; nocase; http.host; content:"theradiant.co.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249025/; classtype:trojan-activity;sid:83112125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el/oreetnntnu"; depth:14; endswith; nocase; http.host; content:"huzurtemizlik.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249026/; classtype:trojan-activity;sid:83112126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/tisunbtnesonseica"; depth:21; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249006/; classtype:trojan-activity;sid:83112106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecir/ldrfiaecoofio"; depth:19; endswith; nocase; http.host; content:"dxbnewlaunch.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249007/; classtype:trojan-activity;sid:83112107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/snmuuqmsiiaoq"; depth:17; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249008/; classtype:trojan-activity;sid:83112108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el/uichiq"; depth:10; endswith; nocase; http.host; content:"huzurtemizlik.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249009/; classtype:trojan-activity;sid:83112109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/urqscatcuhenio"; depth:20; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249010/; classtype:trojan-activity;sid:83112110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/ttnsomrpveideiaeol"; depth:22; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249011/; classtype:trojan-activity;sid:83112111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/est/simneirtoaoare"; depth:19; endswith; nocase; http.host; content:"filibeli.com.bd"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249012/; classtype:trojan-activity;sid:83112112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asiq/vteetpnevtinuaolor"; depth:24; endswith; nocase; http.host; content:"imzpn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249013/; classtype:trojan-activity;sid:83112113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd/tsstinciausetube"; depth:20; endswith; nocase; http.host; content:"arsmagna.mx"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249014/; classtype:trojan-activity;sid:83112114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iin/oeorcohademtriltc"; depth:22; endswith; nocase; http.host; content:"cnnnewsnigeria.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249015/; classtype:trojan-activity;sid:83112115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re/mlaiaqquuai"; depth:15; endswith; nocase; http.host; content:"coulylabadiogoul.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249001/; classtype:trojan-activity;sid:83112101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/cmsrpuoaioqr"; depth:18; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249002/; classtype:trojan-activity;sid:83112102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau/uprocmtonirsi"; depth:18; endswith; nocase; http.host; content:"akscon.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249003/; classtype:trojan-activity;sid:83112103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/omuisnnisb"; depth:14; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249004/; classtype:trojan-activity;sid:83112104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen/esserucnatqoou"; depth:19; endswith; nocase; http.host; content:"npmohadi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249005/; classtype:trojan-activity;sid:83112105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/aetnqasreeiptua"; depth:20; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248989/; classtype:trojan-activity;sid:83112089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/isacltpiansieef"; depth:20; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248990/; classtype:trojan-activity;sid:83112090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea/deireteersbdiphietrn"; depth:24; endswith; nocase; http.host; content:"hvntech.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248991/; classtype:trojan-activity;sid:83112091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iemn/caquelsmuuot"; depth:18; endswith; nocase; http.host; content:"menuwiz.com.au"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248992/; classtype:trojan-activity;sid:83112092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/erafguumr"; depth:15; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248993/; classtype:trojan-activity;sid:83112093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iemn/idsfoaftaiiilnbic"; depth:23; endswith; nocase; http.host; content:"menuwiz.com.au"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248994/; classtype:trojan-activity;sid:83112094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/seleuatqripl"; depth:18; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248995/; classtype:trojan-activity;sid:83112095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/pouttmear"; depth:13; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248996/; classtype:trojan-activity;sid:83112096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/immagnosamn"; depth:15; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248997/; classtype:trojan-activity;sid:83112097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/ubusiqaiqdum"; depth:16; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248998/; classtype:trojan-activity;sid:83112098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/ausduotnel"; depth:14; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248999/; classtype:trojan-activity;sid:83112099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2249000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alb/iieaxqutdep"; depth:16; endswith; nocase; http.host; content:"infisystems.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2249000/; classtype:trojan-activity;sid:83112100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/vlaheitirniits"; depth:20; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248985/; classtype:trojan-activity;sid:83112085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/nttbcteusiseauis"; depth:21; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248986/; classtype:trojan-activity;sid:83112086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea/uatieoseq"; depth:13; endswith; nocase; http.host; content:"hvntech.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248987/; classtype:trojan-activity;sid:83112087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oat/rteudiertpunocrs"; depth:21; endswith; nocase; http.host; content:"lefiammegemelle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248988/; classtype:trojan-activity;sid:83112088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau/uqoavtaluutmpm"; depth:19; endswith; nocase; http.host; content:"akscon.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248982/; classtype:trojan-activity;sid:83112082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/nmlaoutqruelsacu"; depth:22; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248983/; classtype:trojan-activity;sid:83112083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/emisnipa"; depth:12; endswith; nocase; http.host; content:"climatefinancenetwork.org"; depth:25; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248984/; classtype:trojan-activity;sid:83112084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/oleetrbi"; depth:14; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248975/; classtype:trojan-activity;sid:83112075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rreo/amaucmiqul"; depth:16; endswith; nocase; http.host; content:"sujaypaul.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248976/; classtype:trojan-activity;sid:83112076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muo/ursrumsmspoei"; depth:18; endswith; nocase; http.host; content:"mybizwallet.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248977/; classtype:trojan-activity;sid:83112077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/277/vbc.exe"; depth:12; endswith; nocase; http.host; content:"198.12.81.50"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248978/; classtype:trojan-activity;sid:83112078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/lpatteuosv"; depth:16; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248979/; classtype:trojan-activity;sid:83112079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/suevlmleiiqi"; depth:17; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248980/; classtype:trojan-activity;sid:83112080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or/ilaemnuisqmi"; depth:16; endswith; nocase; http.host; content:"kktoor.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248981/; classtype:trojan-activity;sid:83112081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/siibntso"; depth:13; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248968/; classtype:trojan-activity;sid:83112068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/qriuemaudme"; depth:17; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248969/; classtype:trojan-activity;sid:83112069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/iuiialcffmol"; depth:16; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248970/; classtype:trojan-activity;sid:83112070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/eotsriseloramr"; depth:18; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248971/; classtype:trojan-activity;sid:83112071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re/vcurolopsptsrioa"; depth:20; endswith; nocase; http.host; content:"coulylabadiogoul.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248972/; classtype:trojan-activity;sid:83112072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/ufteisgt"; depth:13; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248973/; classtype:trojan-activity;sid:83112073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/sodcaultrrqoenuo"; depth:20; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248974/; classtype:trojan-activity;sid:83112074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/todprioor"; depth:15; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248960/; classtype:trojan-activity;sid:83112060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oae/piccttnoereeeeadihrrca"; depth:27; endswith; nocase; http.host; content:"sqqlm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248961/; classtype:trojan-activity;sid:83112061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/itduaelqi"; depth:13; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248962/; classtype:trojan-activity;sid:83112062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/ruepraieosqsi"; depth:17; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248963/; classtype:trojan-activity;sid:83112063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/utcxainteeetorim"; depth:21; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248964/; classtype:trojan-activity;sid:83112064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/itquosueucm"; depth:17; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248965/; classtype:trojan-activity;sid:83112065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd/iieivtfcfensieo"; depth:19; endswith; nocase; http.host; content:"arsmagna.mx"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248966/; classtype:trojan-activity;sid:83112066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/enima"; depth:11; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248967/; classtype:trojan-activity;sid:83112067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to/erntuvelet"; depth:14; endswith; nocase; http.host; content:"jp2gi.org"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248957/; classtype:trojan-activity;sid:83112057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bur/eropaeammtt"; depth:16; endswith; nocase; http.host; content:"smkn2-sawahlunto.sch.id"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248958/; classtype:trojan-activity;sid:83112058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oae/uqcimudsuai"; depth:16; endswith; nocase; http.host; content:"sqqlm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248959/; classtype:trojan-activity;sid:83112059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/esbuautltmvreoppito"; depth:25; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248949/; classtype:trojan-activity;sid:83112049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/uueqqaae"; depth:12; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248950/; classtype:trojan-activity;sid:83112050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd/eilultm"; depth:11; endswith; nocase; http.host; content:"arsmagna.mx"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248951/; classtype:trojan-activity;sid:83112051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd/nrtuuaiedfsetg"; depth:18; endswith; nocase; http.host; content:"arsmagna.mx"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248952/; classtype:trojan-activity;sid:83112052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bur/dnii"; depth:9; endswith; nocase; http.host; content:"smkn2-sawahlunto.sch.id"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248953/; classtype:trojan-activity;sid:83112053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/isnoodtlr"; depth:15; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248954/; classtype:trojan-activity;sid:83112054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/ecunaestuadr"; depth:18; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248955/; classtype:trojan-activity;sid:83112055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/ibpodqlxoecau"; depth:19; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248956/; classtype:trojan-activity;sid:83112056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/croiussrioep"; depth:18; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248944/; classtype:trojan-activity;sid:83112044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/uusitmp"; depth:11; endswith; nocase; http.host; content:"neutrosophicassociation.org"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248945/; classtype:trojan-activity;sid:83112045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qio/lmsborloaeseita"; depth:20; endswith; nocase; http.host; content:"veomtruementor.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248946/; classtype:trojan-activity;sid:83112046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oae/maeqiruur"; depth:14; endswith; nocase; http.host; content:"sqqlm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248947/; classtype:trojan-activity;sid:83112047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/iosltolebtviaurubp"; depth:23; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248948/; classtype:trojan-activity;sid:83112048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/uedean"; depth:11; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248938/; classtype:trojan-activity;sid:83112038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rreo/arpiausrtti"; depth:17; endswith; nocase; http.host; content:"sujaypaul.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248939/; classtype:trojan-activity;sid:83112039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecir/irumipsnamae"; depth:18; endswith; nocase; http.host; content:"dxbnewlaunch.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248940/; classtype:trojan-activity;sid:83112040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/rafseescee"; depth:16; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248941/; classtype:trojan-activity;sid:83112041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rap/edrmi"; depth:10; endswith; nocase; http.host; content:"lefiammegemelle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248942/; classtype:trojan-activity;sid:83112042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/aastmeeirp"; depth:14; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248943/; classtype:trojan-activity;sid:83112043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/netmiiidp"; depth:15; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248933/; classtype:trojan-activity;sid:83112033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/aemgbataenam"; depth:16; endswith; nocase; http.host; content:"neutrosophicassociation.org"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248934/; classtype:trojan-activity;sid:83112034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/lqlaiiaeciuxopdb"; depth:20; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248935/; classtype:trojan-activity;sid:83112035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/su/ttusin"; depth:10; endswith; nocase; http.host; content:"macdefug.org"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248936/; classtype:trojan-activity;sid:83112036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/coritreops"; depth:14; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248937/; classtype:trojan-activity;sid:83112037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovtl/uinamisccatun"; depth:19; endswith; nocase; http.host; content:"tphoz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248928/; classtype:trojan-activity;sid:83112028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eau/aueeostm"; depth:13; endswith; nocase; http.host; content:"akscon.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248929/; classtype:trojan-activity;sid:83112029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/timdoocmpmiied"; depth:18; endswith; nocase; http.host; content:"aimtees.com"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248930/; classtype:trojan-activity;sid:83112030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/tlibiasndiet"; depth:16; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248931/; classtype:trojan-activity;sid:83112031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iahc/siusioenm"; depth:15; endswith; nocase; http.host; content:"tinasharma.co.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248932/; classtype:trojan-activity;sid:83112032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/al/ttuua"; depth:9; endswith; nocase; http.host; content:"ontariostudentfunding.ca"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248922/; classtype:trojan-activity;sid:83112022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd/udta"; depth:8; endswith; nocase; http.host; content:"arsmagna.mx"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248923/; classtype:trojan-activity;sid:83112023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/adneeuaacbrs"; depth:17; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248924/; classtype:trojan-activity;sid:83112024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pri/reldeosod"; depth:14; endswith; nocase; http.host; content:"bencohospitex.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248925/; classtype:trojan-activity;sid:83112025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evcp/teapsis"; depth:13; endswith; nocase; http.host; content:"mitsuchem.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248926/; classtype:trojan-activity;sid:83112026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/ofeibrerealc"; depth:18; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248927/; classtype:trojan-activity;sid:83112027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/sempmouritospse"; depth:19; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248914/; classtype:trojan-activity;sid:83112014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/sopilsiteamsicdia"; depth:23; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248915/; classtype:trojan-activity;sid:83112015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/uiqte"; depth:10; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248916/; classtype:trojan-activity;sid:83112016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmu/dorlnelenepuns"; depth:19; endswith; nocase; http.host; content:"turopainterior.es"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248917/; classtype:trojan-activity;sid:83112017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/eeturmr"; depth:13; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248918/; classtype:trojan-activity;sid:83112018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/tauvteitsplmo"; depth:17; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248919/; classtype:trojan-activity;sid:83112019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el/ieqtu"; depth:9; endswith; nocase; http.host; content:"huzurtemizlik.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248920/; classtype:trojan-activity;sid:83112020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/qsumeati"; depth:14; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248921/; classtype:trojan-activity;sid:83112021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muo/olmieodrpsas"; depth:17; endswith; nocase; http.host; content:"mybizwallet.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248909/; classtype:trojan-activity;sid:83112009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/uvttasoelp"; depth:16; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248910/; classtype:trojan-activity;sid:83112010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/imtiofssupgus"; depth:18; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248911/; classtype:trojan-activity;sid:83112011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oi/uotvluptsa"; depth:14; endswith; nocase; http.host; content:"wxtzz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248912/; classtype:trojan-activity;sid:83112012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/aqtiiouilml"; depth:15; endswith; nocase; http.host; content:"queteeent.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248913/; classtype:trojan-activity;sid:83112013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or/uqsstio"; depth:11; endswith; nocase; http.host; content:"kktoor.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248904/; classtype:trojan-activity;sid:83112004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/suouvltpvattpeaol"; depth:21; endswith; nocase; http.host; content:"strikevpn.ml"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248905/; classtype:trojan-activity;sid:83112005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aii/nicpaiesndtue"; depth:18; endswith; nocase; http.host; content:"burraqewheels.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248906/; classtype:trojan-activity;sid:83112006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/qiutau"; depth:12; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248907/; classtype:trojan-activity;sid:83112007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncu/qiidalniuis"; depth:16; endswith; nocase; http.host; content:"miprimerbocado.com.pe"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248908/; classtype:trojan-activity;sid:83112008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/ciaodrspor"; depth:16; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248893/; classtype:trojan-activity;sid:83111993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muo/tuetoaletpv"; depth:16; endswith; nocase; http.host; content:"mybizwallet.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248894/; classtype:trojan-activity;sid:83111994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bur/pmsmisniuutcacaa"; depth:21; endswith; nocase; http.host; content:"smkn2-sawahlunto.sch.id"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248895/; classtype:trojan-activity;sid:83111995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to/mlseaulse"; depth:13; endswith; nocase; http.host; content:"jp2gi.org"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248896/; classtype:trojan-activity;sid:83111996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to/erteentiosvn"; depth:16; endswith; nocase; http.host; content:"jp2gi.org"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248897/; classtype:trojan-activity;sid:83111997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/umoeemn"; depth:12; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248898/; classtype:trojan-activity;sid:83111998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cot/surdoabtlio"; depth:16; endswith; nocase; http.host; content:"electroramsa.com.mx"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248899/; classtype:trojan-activity;sid:83111999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oae/hecit"; depth:10; endswith; nocase; http.host; content:"sqqlm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248900/; classtype:trojan-activity;sid:83112000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to/afouugq"; depth:11; endswith; nocase; http.host; content:"jp2gi.org"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248901/; classtype:trojan-activity;sid:83112001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/ptualneeedsrlronie"; depth:24; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248902/; classtype:trojan-activity;sid:83112002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rreo/eplttpaetsnoeumaiv"; depth:24; endswith; nocase; http.host; content:"sujaypaul.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248903/; classtype:trojan-activity;sid:83112003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el/utlaeslm"; depth:12; endswith; nocase; http.host; content:"huzurtemizlik.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248891/; classtype:trojan-activity;sid:83111991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or/lquaeev"; depth:11; endswith; nocase; http.host; content:"kktoor.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248892/; classtype:trojan-activity;sid:83111992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/mtuinscsduu"; depth:17; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248887/; classtype:trojan-activity;sid:83111987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rap/sielatcfi"; depth:14; endswith; nocase; http.host; content:"lefiammegemelle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248888/; classtype:trojan-activity;sid:83111988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ia/curemquuasnotqa"; depth:19; endswith; nocase; http.host; content:"dlfgroupindia.in"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248889/; classtype:trojan-activity;sid:83111989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opv/udeent"; depth:11; endswith; nocase; http.host; content:"sugatidiet.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248890/; classtype:trojan-activity;sid:83111990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooe/ouqusnt"; depth:12; endswith; nocase; http.host; content:"singerabhijeet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248876/; classtype:trojan-activity;sid:83111976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/aeavoitluopactcmctu"; depth:25; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248877/; classtype:trojan-activity;sid:83111977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/oiplordcrrout"; depth:19; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248878/; classtype:trojan-activity;sid:83111978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/omodtlliailro"; depth:19; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248879/; classtype:trojan-activity;sid:83111979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/ultismcdopvmaoeot"; depth:23; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248880/; classtype:trojan-activity;sid:83111980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re/mdelumruoo"; depth:14; endswith; nocase; http.host; content:"coulylabadiogoul.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248881/; classtype:trojan-activity;sid:83111981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur/ctueaeuidtamipt"; depth:19; endswith; nocase; http.host; content:"meghapure.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248882/; classtype:trojan-activity;sid:83111982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pas/mniasopem"; depth:14; endswith; nocase; http.host; content:"wisconsinpodcastfestival.com"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248883/; classtype:trojan-activity;sid:83111983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rap/iitbrdanolucen"; depth:19; endswith; nocase; http.host; content:"lefiammegemelle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248884/; classtype:trojan-activity;sid:83111984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euo/eenecaitotxreisom"; depth:22; endswith; nocase; http.host; content:"reiki-expert.fr"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248885/; classtype:trojan-activity;sid:83111985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oat/eataememibax"; depth:17; endswith; nocase; http.host; content:"lefiammegemelle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248886/; classtype:trojan-activity;sid:83111986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/tueants"; depth:11; endswith; nocase; http.host; content:"mykosofe.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248874/; classtype:trojan-activity;sid:83111974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/isnstit"; depth:13; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248875/; classtype:trojan-activity;sid:83111975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovtl/luqvtpeeoutmaa"; depth:20; endswith; nocase; http.host; content:"tphoz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248870/; classtype:trojan-activity;sid:83111970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/acfoiiqiufa"; depth:17; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248871/; classtype:trojan-activity;sid:83111971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/dminseso"; depth:12; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248872/; classtype:trojan-activity;sid:83111972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ar/stcdapiisii"; depth:15; endswith; nocase; http.host; content:"djaof.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248873/; classtype:trojan-activity;sid:83111973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/estaumstnaupaceniiucrm"; depth:26; endswith; nocase; http.host; content:"gzopi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248862/; classtype:trojan-activity;sid:83111962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/lpaumtpvaxclbtiooee"; depth:25; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248863/; classtype:trojan-activity;sid:83111963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uiut/tailsuippsraovsctpie"; depth:26; endswith; nocase; http.host; content:"antares-anton.cl"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248864/; classtype:trojan-activity;sid:83111964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omu/iinimnhlsu"; depth:15; endswith; nocase; http.host; content:"howieland.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248865/; classtype:trojan-activity;sid:83111965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctpt/ietdpnsease"; depth:17; endswith; nocase; http.host; content:"instantreplys.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248866/; classtype:trojan-activity;sid:83111966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sn/eriepesfesnrtdi"; depth:19; endswith; nocase; http.host; content:"povef.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248867/; classtype:trojan-activity;sid:83111967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or/iuainatm"; depth:12; endswith; nocase; http.host; content:"kktoor.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248868/; classtype:trojan-activity;sid:83111968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/or/eett"; depth:8; endswith; nocase; http.host; content:"kktoor.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248869/; classtype:trojan-activity;sid:83111969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.72.23.49"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248861/; classtype:trojan-activity;sid:83111961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"173.235.63.29"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248860/; classtype:trojan-activity;sid:83111960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.114.33.123"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248859/; classtype:trojan-activity;sid:83111959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.106.205.181"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248857/; classtype:trojan-activity;sid:83111957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.175.242"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248858/; classtype:trojan-activity;sid:83111958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.226.83.6"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248856/; classtype:trojan-activity;sid:83111956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/petitzx.exe"; depth:12; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248855/; classtype:trojan-activity;sid:83111955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/971678079330168855/989821368403132426/doc99991821.rar"; depth:66; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248854/; classtype:trojan-activity;sid:83111954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.236.60"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248853/; classtype:trojan-activity;sid:83111953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmm/j.png"; depth:10; endswith; nocase; http.host; content:"neptuneimpex.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248852/; classtype:trojan-activity;sid:83111952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newnana.exe"; depth:12; endswith; nocase; http.host; content:"185.102.170.122"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248850/; classtype:trojan-activity;sid:83111950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/methods.exe"; depth:12; endswith; nocase; http.host; content:"185.102.170.122"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248851/; classtype:trojan-activity;sid:83111951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.224.38.230"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248849/; classtype:trojan-activity;sid:83111949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/989178490244968521/989756406364270622/jrthzkvzltziglopalxxldlfgmdjaaf"; depth:82; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248848/; classtype:trojan-activity;sid:83111948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.169.22.24"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248847/; classtype:trojan-activity;sid:83111947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.37.79.180"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248846/; classtype:trojan-activity;sid:83111946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x5/yyclient/client.bin"; depth:23; endswith; nocase; http.host; content:"cdn-cqwz.7road.net"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248845/; classtype:trojan-activity;sid:83111945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chi/cyebk.exe"; depth:14; endswith; nocase; http.host; content:"193.169.255.115"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248844/; classtype:trojan-activity;sid:83111944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.105"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248843/; classtype:trojan-activity;sid:83111943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.134.162.130"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248841/; classtype:trojan-activity;sid:83111941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"218.29.29.70"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248842/; classtype:trojan-activity;sid:83111942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.159.93.99"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248840/; classtype:trojan-activity;sid:83111940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/teet"; depth:8; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248839/; classtype:trojan-activity;sid:83111939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.91.234.53"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248838/; classtype:trojan-activity;sid:83111938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clsi/mnseutputbsroi"; depth:20; endswith; nocase; http.host; content:"aspam.cl"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248837/; classtype:trojan-activity;sid:83111937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.122.69.20"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248836/; classtype:trojan-activity;sid:83111936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.202.69.153"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248835/; classtype:trojan-activity;sid:83111935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.98.36.25"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248834/; classtype:trojan-activity;sid:83111934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.73.151.55"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248833/; classtype:trojan-activity;sid:83111933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.130.176.104"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248832/; classtype:trojan-activity;sid:83111932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nic/nicecoke.exe"; depth:17; endswith; nocase; http.host; content:"85.202.169.93"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248831/; classtype:trojan-activity;sid:83111931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.43.225"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248830/; classtype:trojan-activity;sid:83111930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07xr/gbdev.png"; depth:15; endswith; nocase; http.host; content:"altunminyum.github.io"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248829/; classtype:trojan-activity;sid:83111929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ao5o/24.06.2022.cuma.ihtiyac.listesi.xlsx"; depth:42; endswith; nocase; http.host; content:"morcelik.github.io"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248828/; classtype:trojan-activity;sid:83111928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.157.40"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248827/; classtype:trojan-activity;sid:83111927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/templates/sgbvh/"; depth:17; endswith; nocase; http.host; content:"www.construlandia.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248826/; classtype:trojan-activity;sid:83111926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.28.98.74"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248825/; classtype:trojan-activity;sid:83111925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.247.187.37"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248824/; classtype:trojan-activity;sid:83111924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.228.43.7"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248823/; classtype:trojan-activity;sid:83111923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.133.49.42"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248822/; classtype:trojan-activity;sid:83111922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miori.i6"; depth:9; endswith; nocase; http.host; content:"46.249.32.157"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248814/; classtype:trojan-activity;sid:83111914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//saitama121.mips"; depth:22; endswith; nocase; http.host; content:"2.56.59.196"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248815/; classtype:trojan-activity;sid:83111915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//lol.m68k"; depth:15; endswith; nocase; http.host; content:"103.136.40.142"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248816/; classtype:trojan-activity;sid:83111916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shitnet//irc.arm5"; depth:18; endswith; nocase; http.host; content:"62.197.136.92"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248817/; classtype:trojan-activity;sid:83111917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zg9zx86"; depth:8; endswith; nocase; http.host; content:"103.136.41.100"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248818/; classtype:trojan-activity;sid:83111918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//zg9zx86"; depth:14; endswith; nocase; http.host; content:"2.56.59.83"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248819/; classtype:trojan-activity;sid:83111919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu//arm"; depth:9; endswith; nocase; http.host; content:"194.31.98.104"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248820/; classtype:trojan-activity;sid:83111920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//zg9zarm"; depth:14; endswith; nocase; http.host; content:"103.136.40.141"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248821/; classtype:trojan-activity;sid:83111921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins//ppc"; depth:10; endswith; nocase; http.host; content:"37.0.8.158"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248813/; classtype:trojan-activity;sid:83111913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reaper//reap.x86"; depth:17; endswith; nocase; http.host; content:"193.233.48.38"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248812/; classtype:trojan-activity;sid:83111912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.82.39"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248811/; classtype:trojan-activity;sid:83111911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.226.18.35"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248810/; classtype:trojan-activity;sid:83111910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"113.221.26.132"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248809/; classtype:trojan-activity;sid:83111909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coe/pbwcinzft.exe"; depth:18; endswith; nocase; http.host; content:"193.169.255.115"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248808/; classtype:trojan-activity;sid:83111908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/favour.exe"; depth:11; endswith; nocase; http.host; content:"23.94.159.198"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248807/; classtype:trojan-activity;sid:83111907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"41.86.5.142"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248806/; classtype:trojan-activity;sid:83111906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.135.10.58"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248805/; classtype:trojan-activity;sid:83111905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader/uploads/stealernew0330_uevwjzic.jpg"; depth:43; endswith; nocase; http.host; content:"190.123.44.138"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248804/; classtype:trojan-activity;sid:83111904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"41.72.22.16"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248803/; classtype:trojan-activity;sid:83111903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/post/2022/6/7/21494_3264113.exe"; depth:39; endswith; nocase; http.host; content:"console.cnyixun.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248802/; classtype:trojan-activity;sid:83111902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.173.125.38"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248801/; classtype:trojan-activity;sid:83111901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.85.139"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248800/; classtype:trojan-activity;sid:83111900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.14.122.249"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248798/; classtype:trojan-activity;sid:83111898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.74.11.65"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248799/; classtype:trojan-activity;sid:83111899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.62.157.76"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248794/; classtype:trojan-activity;sid:83111894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.39.93"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248795/; classtype:trojan-activity;sid:83111895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.110.48.35"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248796/; classtype:trojan-activity;sid:83111896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.150.178.88"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248797/; classtype:trojan-activity;sid:83111897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.56.174.137"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248792/; classtype:trojan-activity;sid:83111892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.237.52.174"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248793/; classtype:trojan-activity;sid:83111893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.184.89.98"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248791/; classtype:trojan-activity;sid:83111891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/h38msg/"; depth:17; endswith; nocase; http.host; content:"dhsh.com.ar"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248790/; classtype:trojan-activity;sid:83111890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/8ggxil4n/"; depth:22; endswith; nocase; http.host; content:"www.dnautik.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248788/; classtype:trojan-activity;sid:83111888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrator/90dadpeytaqo1a/"; depth:30; endswith; nocase; http.host; content:"www.diventuretravel.com"; depth:23; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248789/; classtype:trojan-activity;sid:83111889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat/obaacsyp07uq41g/"; depth:21; endswith; nocase; http.host; content:"djunreal.co.uk"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248787/; classtype:trojan-activity;sid:83111887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"115.202.236.4"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248786/; classtype:trojan-activity;sid:83111886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.201.172.53"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248785/; classtype:trojan-activity;sid:83111885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.152.182"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248784/; classtype:trojan-activity;sid:83111884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.50.115"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248783/; classtype:trojan-activity;sid:83111883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.6.106.40"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248782/; classtype:trojan-activity;sid:83111882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"2.196.132.145"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248781/; classtype:trojan-activity;sid:83111881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.173.99.129"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248780/; classtype:trojan-activity;sid:83111880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rait/doggy_fajxcazrid253.bin"; depth:29; endswith; nocase; http.host; content:"dumink.strangled.net"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248779/; classtype:trojan-activity;sid:83111879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0909/vbc.exe"; depth:13; endswith; nocase; http.host; content:"23.95.34.6"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248777/; classtype:trojan-activity;sid:83111877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0909/word_document.doc"; depth:23; endswith; nocase; http.host; content:"23.95.34.6"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248778/; classtype:trojan-activity;sid:83111878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoffice/audiodg.exe"; depth:21; endswith; nocase; http.host; content:"103.149.12.43"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248776/; classtype:trojan-activity;sid:83111876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/big.exe"; depth:10; endswith; nocase; http.host; content:"107.172.76.188"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248774/; classtype:trojan-activity;sid:83111874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0623282636.zip"; depth:15; endswith; nocase; http.host; content:"159.69.102.192"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248775/; classtype:trojan-activity;sid:83111875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rait/polls.exe"; depth:15; endswith; nocase; http.host; content:"212.192.241.211"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248773/; classtype:trojan-activity;sid:83111873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pixel.png"; depth:10; endswith; nocase; http.host; content:"2f4d838f.step.ifsguy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248772/; classtype:trojan-activity;sid:83111872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/apikey/bd.exe"; depth:33; endswith; nocase; http.host; content:"afromerchants.co.zw"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248771/; classtype:trojan-activity;sid:83111871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/apikey/em.exe"; depth:33; endswith; nocase; http.host; content:"afromerchants.co.zw"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248770/; classtype:trojan-activity;sid:83111870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.22.5.194"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248769/; classtype:trojan-activity;sid:83111869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"102.116.82.237"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248768/; classtype:trojan-activity;sid:83111868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/rkp098000000000000000_kfmukdrc.jpg"; depth:39; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248758/; classtype:trojan-activity;sid:83111858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/ohr00780008765434567_wngdsnlu.jpg"; depth:38; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248759/; classtype:trojan-activity;sid:83111859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/09009876543456789000000_qdbvcxfv.jpg"; depth:41; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248760/; classtype:trojan-activity;sid:83111860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/paralikgroup%20ori%204_kvxurv105.bin"; depth:41; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248761/; classtype:trojan-activity;sid:83111861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/muhasebe@par%20v4_yhkzfacrl250.bin"; depth:39; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248762/; classtype:trojan-activity;sid:83111862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/08765434567000000906543_hrhplant.jpg"; depth:41; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248763/; classtype:trojan-activity;sid:83111863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/d%20ori%20v4_ydvhcl86.bin"; depth:30; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248764/; classtype:trojan-activity;sid:83111864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/bin_fjonuv217.bin"; depth:22; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248765/; classtype:trojan-activity;sid:83111865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/2022_aeovhap124.bin"; depth:24; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248766/; classtype:trojan-activity;sid:83111866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/reyhanozkan%20sles%204_yozwedefyb157.bin"; depth:45; endswith; nocase; http.host; content:"172.245.163.156"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248767/; classtype:trojan-activity;sid:83111867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.170.231.104"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248757/; classtype:trojan-activity;sid:83111857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"183.99.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248756/; classtype:trojan-activity;sid:83111856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/300/c_document.doc"; depth:19; endswith; nocase; http.host; content:"192.227.168.194"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248755/; classtype:trojan-activity;sid:83111855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/346/vbc.exe"; depth:12; endswith; nocase; http.host; content:"192.227.173.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248754/; classtype:trojan-activity;sid:83111854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsktq9clvnvgnck.exe"; depth:20; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248753/; classtype:trojan-activity;sid:83111853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/clip.exe"; depth:15; endswith; nocase; http.host; content:"infinite-stars.net"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248752/; classtype:trojan-activity;sid:83111852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/drop.exe"; depth:15; endswith; nocase; http.host; content:"infinite-stars.net"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248751/; classtype:trojan-activity;sid:83111851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_msoffice10/vbc.exe"; depth:20; endswith; nocase; http.host; content:"103.167.91.26"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248749/; classtype:trojan-activity;sid:83111849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh/vbc.exe"; depth:12; endswith; nocase; http.host; content:"103.232.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248750/; classtype:trojan-activity;sid:83111850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greeeeorgn32x.exe"; depth:18; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248748/; classtype:trojan-activity;sid:83111848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/vida.exe"; depth:15; endswith; nocase; http.host; content:"infinite-stars.net"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248747/; classtype:trojan-activity;sid:83111847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.110.126.60"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248746/; classtype:trojan-activity;sid:83111846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.229.56.64"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248745/; classtype:trojan-activity;sid:83111845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.243.55.4"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248744/; classtype:trojan-activity;sid:83111844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sorp/iiumsdcieerrena"; depth:21; endswith; nocase; http.host; content:"pti-aast.org"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248743/; classtype:trojan-activity;sid:83111843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.135.134.188"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248742/; classtype:trojan-activity;sid:83111842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.120.213.111"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248741/; classtype:trojan-activity;sid:83111841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frits5.exe"; depth:11; endswith; nocase; http.host; content:"212.192.241.211"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248740/; classtype:trojan-activity;sid:83111840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"108.168.75.197"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248739/; classtype:trojan-activity;sid:83111839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/100/100.exe"; depth:12; endswith; nocase; http.host; content:"212.192.241.211"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248737/; classtype:trojan-activity;sid:83111837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dedosa.exe"; depth:11; endswith; nocase; http.host; content:"185.112.83.99"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248738/; classtype:trojan-activity;sid:83111838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.1.16"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248734/; classtype:trojan-activity;sid:83111834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.2.211"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248735/; classtype:trojan-activity;sid:83111835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.115.91.154"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248736/; classtype:trojan-activity;sid:83111836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.215.202.237"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248731/; classtype:trojan-activity;sid:83111831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.14.122.157"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248732/; classtype:trojan-activity;sid:83111832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"26.16.5.240"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248733/; classtype:trojan-activity;sid:83111833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.235.147.107"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248730/; classtype:trojan-activity;sid:83111830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.239.246.133"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248725/; classtype:trojan-activity;sid:83111825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.100.236"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248726/; classtype:trojan-activity;sid:83111826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.132.222"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248727/; classtype:trojan-activity;sid:83111827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.159.83.27"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248728/; classtype:trojan-activity;sid:83111828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.40.251.169"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248729/; classtype:trojan-activity;sid:83111829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.146.53"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248720/; classtype:trojan-activity;sid:83111820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"201.150.186.195"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248721/; classtype:trojan-activity;sid:83111821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.99.142.131"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248722/; classtype:trojan-activity;sid:83111822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.158.19.204"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248723/; classtype:trojan-activity;sid:83111823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.252.166"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248724/; classtype:trojan-activity;sid:83111824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.112.59.15"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248719/; classtype:trojan-activity;sid:83111819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.152.24.94"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248718/; classtype:trojan-activity;sid:83111818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.170.218.201"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248717/; classtype:trojan-activity;sid:83111817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"175.192.163.99"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248716/; classtype:trojan-activity;sid:83111816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.230.26.12"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248715/; classtype:trojan-activity;sid:83111815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uzcunfom_forggoix.jpg"; depth:22; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248714/; classtype:trojan-activity;sid:83111814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uzcunfom.exe"; depth:13; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248713/; classtype:trojan-activity;sid:83111813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/somx.exe"; depth:9; endswith; nocase; http.host; content:"2.58.149.200"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248712/; classtype:trojan-activity;sid:83111812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feedback/hi/"; depth:13; endswith; nocase; http.host; content:"dscaluya.6te.net"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248711/; classtype:trojan-activity;sid:83111811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/qmy/"; depth:16; endswith; nocase; http.host; content:"drviniciusterra.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248709/; classtype:trojan-activity;sid:83111809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-bin/gldvp/"; depth:15; endswith; nocase; http.host; content:"www.concivilpa.com.py"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248710/; classtype:trojan-activity;sid:83111810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.63.146.227"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248707/; classtype:trojan-activity;sid:83111807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vp5mxjxiyfx/"; depth:13; endswith; nocase; http.host; content:"drmetz.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248708/; classtype:trojan-activity;sid:83111808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.132.176.232"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248706/; classtype:trojan-activity;sid:83111806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.81.5.249"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248705/; classtype:trojan-activity;sid:83111805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoffice/vbc.exe"; depth:17; endswith; nocase; http.host; content:"103.232.55.60"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248704/; classtype:trojan-activity;sid:83111804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/office11n/vbc.exe"; depth:18; endswith; nocase; http.host; content:"103.167.91.26"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248703/; classtype:trojan-activity;sid:83111803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lanskoy.exe"; depth:12; endswith; nocase; http.host; content:"185.112.83.99"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248695/; classtype:trojan-activity;sid:83111795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.ppc"; depth:9; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248696/; classtype:trojan-activity;sid:83111796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.arm7"; depth:10; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248697/; classtype:trojan-activity;sid:83111797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.arm6"; depth:10; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248698/; classtype:trojan-activity;sid:83111798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbb.exe"; depth:8; endswith; nocase; http.host; content:"193.233.191.81"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248699/; classtype:trojan-activity;sid:83111799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggeeeloggercrypted.exe"; depth:23; endswith; nocase; http.host; content:"2.56.57.22"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248700/; classtype:trojan-activity;sid:83111800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.arm5"; depth:10; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248701/; classtype:trojan-activity;sid:83111801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evp.exe"; depth:8; endswith; nocase; http.host; content:"193.233.191.81"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248702/; classtype:trojan-activity;sid:83111802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.spc"; depth:9; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248691/; classtype:trojan-activity;sid:83111791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.m68k"; depth:10; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248692/; classtype:trojan-activity;sid:83111792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.sh4"; depth:9; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248693/; classtype:trojan-activity;sid:83111793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd.mpsl"; depth:10; endswith; nocase; http.host; content:"149.5.173.33"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248694/; classtype:trojan-activity;sid:83111794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.234.132.163"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248690/; classtype:trojan-activity;sid:83111790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.89.156.126"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248689/; classtype:trojan-activity;sid:83111789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rait/integrals1.exe"; depth:20; endswith; nocase; http.host; content:"212.192.241.211"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248688/; classtype:trojan-activity;sid:83111788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"114.226.63.249"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248687/; classtype:trojan-activity;sid:83111787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.222.202.221"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248686/; classtype:trojan-activity;sid:83111786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"61.230.57.145"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248685/; classtype:trojan-activity;sid:83111785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.23.165.100"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248684/; classtype:trojan-activity;sid:83111784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.92.79.132"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248683/; classtype:trojan-activity;sid:83111783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"61.152.197.76"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248682/; classtype:trojan-activity;sid:83111782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.52.116.80"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248681/; classtype:trojan-activity;sid:83111781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.134.176.231"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248680/; classtype:trojan-activity;sid:83111780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.43.92"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248679/; classtype:trojan-activity;sid:83111779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.176.20.245"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248678/; classtype:trojan-activity;sid:83111778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.132.190.100"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248677/; classtype:trojan-activity;sid:83111777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.64.120"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248676/; classtype:trojan-activity;sid:83111776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"210.113.51.167"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248675/; classtype:trojan-activity;sid:83111775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.230.206.126"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248674/; classtype:trojan-activity;sid:83111774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.173.146"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248673/; classtype:trojan-activity;sid:83111773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pixel.png"; depth:10; endswith; nocase; http.host; content:"246003bf.step.ifsguy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248672/; classtype:trojan-activity;sid:83111772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"61.221.147.5"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248671/; classtype:trojan-activity;sid:83111771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.171.20.223"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248670/; classtype:trojan-activity;sid:83111770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.176.168.8"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248669/; classtype:trojan-activity;sid:83111769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.247.65.70"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248668/; classtype:trojan-activity;sid:83111768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.143.185.106"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248667/; classtype:trojan-activity;sid:83111767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.83.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248666/; classtype:trojan-activity;sid:83111766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"140.237.15.106"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248665/; classtype:trojan-activity;sid:83111765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.167.148.72"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248663/; classtype:trojan-activity;sid:83111763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"147.235.55.179"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248664/; classtype:trojan-activity;sid:83111764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.spc"; depth:9; endswith; nocase; http.host; content:"209.141.37.15"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248662/; classtype:trojan-activity;sid:83111762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"184.82.78.252"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248661/; classtype:trojan-activity;sid:83111761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.53.237.11"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248660/; classtype:trojan-activity;sid:83111760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.134.169.64"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248659/; classtype:trojan-activity;sid:83111759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"98.156.131.129"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248658/; classtype:trojan-activity;sid:83111758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.106.154"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248657/; classtype:trojan-activity;sid:83111757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.50.226.90"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248656/; classtype:trojan-activity;sid:83111756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.237.18"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248655/; classtype:trojan-activity;sid:83111755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.232.43.20"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248654/; classtype:trojan-activity;sid:83111754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.184.174.44"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248653/; classtype:trojan-activity;sid:83111753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.74.11.252"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248652/; classtype:trojan-activity;sid:83111752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blogs/prv/"; depth:11; endswith; nocase; http.host; content:"dodsbo-hjelpen.dk"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248651/; classtype:trojan-activity;sid:83111751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e_port/ayb2ag2/"; depth:16; endswith; nocase; http.host; content:"eportfolio-bizcom.msci.dusit.ac.th"; depth:34; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248650/; classtype:trojan-activity;sid:83111750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/cpphgfsra/"; depth:15; endswith; nocase; http.host; content:"document.vpservice-online.com"; depth:29; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248649/; classtype:trojan-activity;sid:83111749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/zbp4r/"; depth:10; endswith; nocase; http.host; content:"domyzizka.cz"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248648/; classtype:trojan-activity;sid:83111748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.186.115.59"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248647/; classtype:trojan-activity;sid:83111747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pixel.png"; depth:10; endswith; nocase; http.host; content:"88be8dc3.step.ifsguy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248646/; classtype:trojan-activity;sid:83111746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.135.158.198"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248645/; classtype:trojan-activity;sid:83111745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.78.217.119"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248644/; classtype:trojan-activity;sid:83111744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.125.227.48"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248643/; classtype:trojan-activity;sid:83111743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.129.54.37"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248642/; classtype:trojan-activity;sid:83111742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.66.109.33"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248641/; classtype:trojan-activity;sid:83111741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pixel.png"; depth:10; endswith; nocase; http.host; content:"eeeb755c.step.ifsguy.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248640/; classtype:trojan-activity;sid:83111740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.127.196.88"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248639/; classtype:trojan-activity;sid:83111739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//mozi.m"; depth:8; endswith; nocase; http.host; content:"117.217.147.96"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248638/; classtype:trojan-activity;sid:83111738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"50.197.186.122"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248637/; classtype:trojan-activity;sid:83111737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.6.132.98"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248636/; classtype:trojan-activity;sid:83111736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zg9zarm"; depth:13; endswith; nocase; http.host; content:"103-136-41-100.hosted-by-worldstream.net"; depth:40; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248635/; classtype:trojan-activity;sid:83111735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/jbmebsc6"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248634/; classtype:trojan-activity;sid:83111734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/bnwz5cj3"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248633/; classtype:trojan-activity;sid:83111733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/8xcnewkh"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248632/; classtype:trojan-activity;sid:83111732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/y3q6rd2w"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248631/; classtype:trojan-activity;sid:83111731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.165.61.54"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248630/; classtype:trojan-activity;sid:83111730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.11.28.52"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248629/; classtype:trojan-activity;sid:83111729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"189.89.84.208"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248628/; classtype:trojan-activity;sid:83111728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.30.174.255"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248627/; classtype:trojan-activity;sid:83111727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.236.17"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248626/; classtype:trojan-activity;sid:83111726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.100.248"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248625/; classtype:trojan-activity;sid:83111725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb/ekene.exe"; depth:13; endswith; nocase; http.host; content:"198.46.132.217"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248624/; classtype:trojan-activity;sid:83111724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb/shipping_invoice.doc"; depth:24; endswith; nocase; http.host; content:"198.46.132.217"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248623/; classtype:trojan-activity;sid:83111723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/rskgnagr"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248622/; classtype:trojan-activity;sid:83111722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/canizsk8"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248620/; classtype:trojan-activity;sid:83111720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/j5bdll8h"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248621/; classtype:trojan-activity;sid:83111721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.65.218"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248619/; classtype:trojan-activity;sid:83111719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payment_review.exe"; depth:19; endswith; nocase; http.host; content:"av.uaextra.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248618/; classtype:trojan-activity;sid:83111718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"220.134.30.12"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248617/; classtype:trojan-activity;sid:83111717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raw/8tg28q1e"; depth:13; endswith; nocase; http.host; content:"pastebin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248616/; classtype:trojan-activity;sid:83111716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.40.196.35"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248615/; classtype:trojan-activity;sid:83111715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.14.122.245"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248614/; classtype:trojan-activity;sid:83111714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.174.144.37"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248613/; classtype:trojan-activity;sid:83111713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.138.203.47"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248612/; classtype:trojan-activity;sid:83111712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"42.117.205.66"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248611/; classtype:trojan-activity;sid:83111711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvu/upd64.exe"; depth:14; endswith; nocase; http.host; content:"194.104.136.69"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248610/; classtype:trojan-activity;sid:83111710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.83.230.132"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248609/; classtype:trojan-activity;sid:83111709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvu/upd32.exe"; depth:14; endswith; nocase; http.host; content:"194.104.136.69"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248606/; classtype:trojan-activity;sid:83111706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2zka2psa2poc3rscg.exe"; depth:23; endswith; nocase; http.host; content:"194.104.136.69"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248607/; classtype:trojan-activity;sid:83111707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2zka2psa2poq2w.exe"; depth:20; endswith; nocase; http.host; content:"194.104.136.69"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248608/; classtype:trojan-activity;sid:83111708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2tbcs/lkuxcrqu/"; depth:16; endswith; nocase; http.host; content:"goldenheartk9s.org"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248605/; classtype:trojan-activity;sid:83111705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hello/lwqlt9bzx2q/"; depth:19; endswith; nocase; http.host; content:"dreams4tomorrow.org"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248603/; classtype:trojan-activity;sid:83111703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app_data/zy7hegpnpm7b4zw/"; depth:26; endswith; nocase; http.host; content:"dusangerzicgera.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248604/; classtype:trojan-activity;sid:83111704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/dpfsbfa2lfyk3mln/"; depth:29; endswith; nocase; http.host; content:"smbfranchising.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248602/; classtype:trojan-activity;sid:83111702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"46.6.4.146"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248601/; classtype:trojan-activity;sid:83111701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.41.53.125"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248600/; classtype:trojan-activity;sid:83111700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"173.70.1.186"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248599/; classtype:trojan-activity;sid:83111699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu//x86"; depth:9; endswith; nocase; http.host; content:"194.31.98.104"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248598/; classtype:trojan-activity;sid:83111698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.42.11.156"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248597/; classtype:trojan-activity;sid:83111697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.138.252.95"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248596/; classtype:trojan-activity;sid:83111696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.20.128"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248595/; classtype:trojan-activity;sid:83111695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1/3h.exe"; depth:10; endswith; nocase; http.host; content:"dynamiperkasa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248594/; classtype:trojan-activity;sid:83111694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.188.7"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248593/; classtype:trojan-activity;sid:83111693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"38.25.146.244"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248592/; classtype:trojan-activity;sid:83111692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.34.117.115"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248591/; classtype:trojan-activity;sid:83111691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.198.249.194"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248590/; classtype:trojan-activity;sid:83111690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.241.194.198"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248589/; classtype:trojan-activity;sid:83111689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.34.152.140"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248588/; classtype:trojan-activity;sid:83111688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"211.229.74.97"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248587/; classtype:trojan-activity;sid:83111687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"122.117.235.165"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248586/; classtype:trojan-activity;sid:83111686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.18.162"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248585/; classtype:trojan-activity;sid:83111685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.246.229.106"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248584/; classtype:trojan-activity;sid:83111684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ubq3clcnwdtnqx2pg7_ggvjf91qa3e7w|7c|26|7c|confirm=t"; depth:87; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248583/; classtype:trojan-activity;sid:83111683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=17oosttkdq7srqrol1eqahetivjvvsp9p|7c|26|7c|confirm=t"; depth:87; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248582/; classtype:trojan-activity;sid:83111682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1mt0qtc9ctvscqlmyu5gcoachku3zqsf1|7c|26|7c|confirm=t"; depth:87; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248581/; classtype:trojan-activity;sid:83111681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"218.0.102.76"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248580/; classtype:trojan-activity;sid:83111680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"61.52.28.248"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248579/; classtype:trojan-activity;sid:83111679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikmerozx.exe"; depth:13; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248578/; classtype:trojan-activity;sid:83111678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.130.30.117"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248575/; classtype:trojan-activity;sid:83111675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.40.197.60"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248576/; classtype:trojan-activity;sid:83111676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.75.87.87"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248577/; classtype:trojan-activity;sid:83111677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.53.229.132"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248573/; classtype:trojan-activity;sid:83111673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.14.122.250"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248574/; classtype:trojan-activity;sid:83111674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.217.147.96"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248572/; classtype:trojan-activity;sid:83111672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.186.51.247"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248571/; classtype:trojan-activity;sid:83111671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.231.69.208"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248570/; classtype:trojan-activity;sid:83111670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.211.4.92"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248568/; classtype:trojan-activity;sid:83111668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"163.179.161.197"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248569/; classtype:trojan-activity;sid:83111669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.185.45.253"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248562/; classtype:trojan-activity;sid:83111662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.57.32.234"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248563/; classtype:trojan-activity;sid:83111663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.118.207.57"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248564/; classtype:trojan-activity;sid:83111664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.184.16.165"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248565/; classtype:trojan-activity;sid:83111665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.1.8"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248566/; classtype:trojan-activity;sid:83111666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.137.166.67"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248567/; classtype:trojan-activity;sid:83111667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.29.180"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248561/; classtype:trojan-activity;sid:83111661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.121.174.111"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248560/; classtype:trojan-activity;sid:83111660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"50.36.160.176"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248559/; classtype:trojan-activity;sid:83111659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"219.85.82.211"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248558/; classtype:trojan-activity;sid:83111658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.232.199.12"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248557/; classtype:trojan-activity;sid:83111657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"171.119.239.62"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248556/; classtype:trojan-activity;sid:83111656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.78.106.25"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248555/; classtype:trojan-activity;sid:83111655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.0.125.255"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248554/; classtype:trojan-activity;sid:83111654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.228.69.219"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248553/; classtype:trojan-activity;sid:83111653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"187.223.168.14"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248552/; classtype:trojan-activity;sid:83111652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"180.218.100.18"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248551/; classtype:trojan-activity;sid:83111651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timegive.dat"; depth:13; endswith; nocase; http.host; content:"87.236.146.97"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248550/; classtype:trojan-activity;sid:83111650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"116.30.174.255"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248549/; classtype:trojan-activity;sid:83111649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72/vbc.exe"; depth:11; endswith; nocase; http.host; content:"192.227.173.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248548/; classtype:trojan-activity;sid:83111648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uay4y/c.png"; depth:12; endswith; nocase; http.host; content:"arboldeaventuras.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248547/; classtype:trojan-activity;sid:83111647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.239.71.118"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248546/; classtype:trojan-activity;sid:83111646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.119.147"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248545/; classtype:trojan-activity;sid:83111645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"1.69.58.47"; depth:10; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248544/; classtype:trojan-activity;sid:83111644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.238.154.68"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248543/; classtype:trojan-activity;sid:83111643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/71/vbc.exe"; depth:11; endswith; nocase; http.host; content:"192.227.173.33"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248542/; classtype:trojan-activity;sid:83111642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.32.110.154"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248541/; classtype:trojan-activity;sid:83111641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.182.238.138"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248540/; classtype:trojan-activity;sid:83111640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"49.86.19.15"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248539/; classtype:trojan-activity;sid:83111639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"50.79.149.150"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248538/; classtype:trojan-activity;sid:83111638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoffice/vbc.exe"; depth:17; endswith; nocase; http.host; content:"103.171.1.178"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248537/; classtype:trojan-activity;sid:83111637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"14.173.158.67"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248536/; classtype:trojan-activity;sid:83111636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"116.24.153.161"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248535/; classtype:trojan-activity;sid:83111635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.233"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248533/; classtype:trojan-activity;sid:83111633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.130.30.50"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248534/; classtype:trojan-activity;sid:83111634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"183.188.164.94"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248532/; classtype:trojan-activity;sid:83111632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.110.60.153"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248531/; classtype:trojan-activity;sid:83111631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"84.212.200.243"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248530/; classtype:trojan-activity;sid:83111630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.107.0.42"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248529/; classtype:trojan-activity;sid:83111629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"180.188.251.81"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248528/; classtype:trojan-activity;sid:83111628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y7/sap1.exe"; depth:12; endswith; nocase; http.host; content:"dynamiperkasa.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248527/; classtype:trojan-activity;sid:83111627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"171.81.65.92"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248526/; classtype:trojan-activity;sid:83111626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc/rorotep"; depth:11; endswith; nocase; http.host; content:"bestechscogurgaon.in"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248525/; classtype:trojan-activity;sid:83111625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hu/moecqurlodu"; depth:15; endswith; nocase; http.host; content:"m3mgurugram.co"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248524/; classtype:trojan-activity;sid:83111624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/te/urmrueta"; depth:12; endswith; nocase; http.host; content:"vatikaonegurgaon.in"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248523/; classtype:trojan-activity;sid:83111623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/dmeodis"; depth:12; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248522/; classtype:trojan-activity;sid:83111622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atiu/etmtanodu"; depth:15; endswith; nocase; http.host; content:"datawrapped.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248519/; classtype:trojan-activity;sid:83111619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ele/iqdeluetdino"; depth:17; endswith; nocase; http.host; content:"adanflora.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248520/; classtype:trojan-activity;sid:83111620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uir/opprmarois"; depth:15; endswith; nocase; http.host; content:"lokbhashanews.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248521/; classtype:trojan-activity;sid:83111621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/uaenalttdumi"; depth:17; endswith; nocase; http.host; content:"apachisoftwaresolutions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248515/; classtype:trojan-activity;sid:83111615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/roapbeaucll"; depth:17; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248516/; classtype:trojan-activity;sid:83111616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmi/nmtutsaea"; depth:14; endswith; nocase; http.host; content:"rapidnews13.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248517/; classtype:trojan-activity;sid:83111617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irmc/eliuertaselp"; depth:18; endswith; nocase; http.host; content:"tvglj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248518/; classtype:trojan-activity;sid:83111618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip/porisameldo"; depth:15; endswith; nocase; http.host; content:"whizzo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248514/; classtype:trojan-activity;sid:83111614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/dseseneu"; depth:14; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248511/; classtype:trojan-activity;sid:83111611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/ensdetiiarviiritsec"; depth:25; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248512/; classtype:trojan-activity;sid:83111612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/siidcntiutto"; depth:16; endswith; nocase; http.host; content:"hgnyk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248513/; classtype:trojan-activity;sid:83111613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilb/ipcdadutudreininnae"; depth:24; endswith; nocase; http.host; content:"rohanupavanproject.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248507/; classtype:trojan-activity;sid:83111607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/qquuii"; depth:12; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248508/; classtype:trojan-activity;sid:83111608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/ouoomlrqed"; depth:15; endswith; nocase; http.host; content:"apachisoftwaresolutions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248509/; classtype:trojan-activity;sid:83111609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/pmeiolrbalatsaelro"; depth:22; endswith; nocase; http.host; content:"aicgames.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248510/; classtype:trojan-activity;sid:83111610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/itmaeimn"; depth:12; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248505/; classtype:trojan-activity;sid:83111605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asiq/mtsqceiupuarsnoa"; depth:22; endswith; nocase; http.host; content:"imzpn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248506/; classtype:trojan-activity;sid:83111606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ite/urntenoent"; depth:15; endswith; nocase; http.host; content:"iuvhb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248500/; classtype:trojan-activity;sid:83111600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oeis/tietaacccoe"; depth:17; endswith; nocase; http.host; content:"sipitours.in"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248501/; classtype:trojan-activity;sid:83111601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edmt/ltenhii"; depth:13; endswith; nocase; http.host; content:"zcikz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248502/; classtype:trojan-activity;sid:83111602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ausu/idtuoo"; depth:12; endswith; nocase; http.host; content:"restorecoinwallets.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248503/; classtype:trojan-activity;sid:83111603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/tiseuq"; depth:10; endswith; nocase; http.host; content:"goayurvedaindia.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248504/; classtype:trojan-activity;sid:83111604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abit/plottesvauae"; depth:18; endswith; nocase; http.host; content:"kenol.com.ng"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248494/; classtype:trojan-activity;sid:83111594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uuie/tlrieaitamtstuovpev"; depth:25; endswith; nocase; http.host; content:"capdigisoft.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248495/; classtype:trojan-activity;sid:83111595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tu/qisuorrepisae"; depth:17; endswith; nocase; http.host; content:"oglvl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248496/; classtype:trojan-activity;sid:83111596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/drleosoet"; depth:14; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248497/; classtype:trojan-activity;sid:83111597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/uimiasoint"; depth:14; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248498/; classtype:trojan-activity;sid:83111598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/ouqex"; depth:9; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248499/; classtype:trojan-activity;sid:83111599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/ircdaoierrips"; depth:19; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248484/; classtype:trojan-activity;sid:83111584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irrv/spaeuttenai"; depth:17; endswith; nocase; http.host; content:"mattic.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248485/; classtype:trojan-activity;sid:83111585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in/amusemagin"; depth:14; endswith; nocase; http.host; content:"hgnyk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248486/; classtype:trojan-activity;sid:83111586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/ouertrasdunaqp"; depth:19; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248487/; classtype:trojan-activity;sid:83111587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uosr/itrorunpsmioc"; depth:19; endswith; nocase; http.host; content:"afaghehekmat.ir"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248488/; classtype:trojan-activity;sid:83111588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uosr/sotepuismss"; depth:17; endswith; nocase; http.host; content:"afaghehekmat.ir"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248489/; classtype:trojan-activity;sid:83111589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ule/apmteqineeusuenr"; depth:21; endswith; nocase; http.host; content:"pwpze.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248490/; classtype:trojan-activity;sid:83111590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asiq/giedestnlini"; depth:18; endswith; nocase; http.host; content:"imzpn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248491/; classtype:trojan-activity;sid:83111591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oa/edcaslisif"; depth:14; endswith; nocase; http.host; content:"afrishopr.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248492/; classtype:trojan-activity;sid:83111592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irmc/errtmue"; depth:13; endswith; nocase; http.host; content:"tvglj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248493/; classtype:trojan-activity;sid:83111593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/rsoedldrnauceao"; depth:19; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248483/; classtype:trojan-activity;sid:83111583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncm/upltismoavang"; depth:18; endswith; nocase; http.host; content:"shamgloballlc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248480/; classtype:trojan-activity;sid:83111580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/qeutise"; depth:11; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248481/; classtype:trojan-activity;sid:83111581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/evuoutpatltqea"; depth:18; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248482/; classtype:trojan-activity;sid:83111582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sf/iiletvd"; depth:11; endswith; nocase; http.host; content:"xyahp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248478/; classtype:trojan-activity;sid:83111578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vet/sauoqtu"; depth:12; endswith; nocase; http.host; content:"vozfl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248479/; classtype:trojan-activity;sid:83111579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbut/eontsqmuiara"; depth:18; endswith; nocase; http.host; content:"transportalo.com.pe"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248476/; classtype:trojan-activity;sid:83111576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sq/otopdoiit"; depth:13; endswith; nocase; http.host; content:"whiaq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248477/; classtype:trojan-activity;sid:83111577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ieeslrensdueltp"; depth:19; endswith; nocase; http.host; content:"glkwr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248475/; classtype:trojan-activity;sid:83111575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udir/auedclrsaapeucn"; depth:21; endswith; nocase; http.host; content:"bhbxa.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248474/; classtype:trojan-activity;sid:83111574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/989294448120856627/989294890141777940/hopesv.txt"; depth:61; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248473/; classtype:trojan-activity;sid:83111573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.83.121"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248472/; classtype:trojan-activity;sid:83111572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.91.223.193"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248471/; classtype:trojan-activity;sid:83111571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"223.13.59.64"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248470/; classtype:trojan-activity;sid:83111570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/243/vbc.exe"; depth:12; endswith; nocase; http.host; content:"104.168.32.43"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248469/; classtype:trojan-activity;sid:83111569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wealthzx.exe"; depth:13; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248466/; classtype:trojan-activity;sid:83111566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugmanzx.exe"; depth:14; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248467/; classtype:trojan-activity;sid:83111567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samizx.exe"; depth:11; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248468/; classtype:trojan-activity;sid:83111568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brownzx.exe"; depth:12; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248462/; classtype:trojan-activity;sid:83111562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joshdavidzx.exe"; depth:16; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248463/; classtype:trojan-activity;sid:83111563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sojazx.exe"; depth:11; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248464/; classtype:trojan-activity;sid:83111564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davidhillzx.exe"; depth:16; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248465/; classtype:trojan-activity;sid:83111565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/shelo3.exe"; depth:23; endswith; nocase; http.host; content:"lutanedukasi.co.id"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248461/; classtype:trojan-activity;sid:83111561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yugozx.exe"; depth:11; endswith; nocase; http.host; content:"85.202.169.21"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248460/; classtype:trojan-activity;sid:83111560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.85.52.20"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248459/; classtype:trojan-activity;sid:83111559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.136.97.218"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248458/; classtype:trojan-activity;sid:83111558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"47.145.140.49"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248457/; classtype:trojan-activity;sid:83111557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqai/nivttsrnaioe"; depth:18; endswith; nocase; http.host; content:"higxm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248456/; classtype:trojan-activity;sid:83111556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uume/nidooi"; depth:12; endswith; nocase; http.host; content:"raymondrealtythane.co"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248455/; classtype:trojan-activity;sid:83111555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/mtatniuerepes"; depth:18; endswith; nocase; http.host; content:"uniquebusiness1.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248454/; classtype:trojan-activity;sid:83111554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/apeedsucudpstriniai"; depth:23; endswith; nocase; http.host; content:"lazzatedilli.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248452/; classtype:trojan-activity;sid:83111552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidt/eiteuioqatisxracmne"; depth:25; endswith; nocase; http.host; content:"kayabilgisayar.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248453/; classtype:trojan-activity;sid:83111553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aubu/agcitelenadplie"; depth:21; endswith; nocase; http.host; content:"mediashop-als.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248448/; classtype:trojan-activity;sid:83111548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erms/tsieenim"; depth:14; endswith; nocase; http.host; content:"mohaliplots.in"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248449/; classtype:trojan-activity;sid:83111549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooit/smtdnieictonii"; depth:20; endswith; nocase; http.host; content:"goonlinetrainings.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248450/; classtype:trojan-activity;sid:83111550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pte/suuieetqmiaqil"; depth:19; endswith; nocase; http.host; content:"apachisoftwaresolutions.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248451/; classtype:trojan-activity;sid:83111551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oluo/qiuquo"; depth:12; endswith; nocase; http.host; content:"mybizprojects.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248446/; classtype:trojan-activity;sid:83111546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ernd/dseefopmrnnerei"; depth:21; endswith; nocase; http.host; content:"canberracomms.com.au"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248447/; classtype:trojan-activity;sid:83111547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vee/aivudtopsetacimlip"; depth:23; endswith; nocase; http.host; content:"ygisf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248442/; classtype:trojan-activity;sid:83111542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eot/tide"; depth:9; endswith; nocase; http.host; content:"nutriselfagro.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248443/; classtype:trojan-activity;sid:83111543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oe/mtluiouisl"; depth:14; endswith; nocase; http.host; content:"bahcekentmalimusavirlik.com.tr"; depth:30; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248444/; classtype:trojan-activity;sid:83111544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilb/srruodieompebolt"; depth:21; endswith; nocase; http.host; content:"rohanupavanproject.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248445/; classtype:trojan-activity;sid:83111545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quia/nmehldrreorieeeudpeqrto"; depth:29; endswith; nocase; http.host; content:"adelineairplant.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248441/; classtype:trojan-activity;sid:83111541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vnto/serrunmut"; depth:15; endswith; nocase; http.host; content:"gopathlabsindia.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248433/; classtype:trojan-activity;sid:83111533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oluo/isgteaduf"; depth:15; endswith; nocase; http.host; content:"mybizprojects.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248434/; classtype:trojan-activity;sid:83111534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gua/mqambunua"; depth:14; endswith; nocase; http.host; content:"ecuaeventos.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248435/; classtype:trojan-activity;sid:83111535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo/tdisoti"; depth:11; endswith; nocase; http.host; content:"grandaffairs.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248436/; classtype:trojan-activity;sid:83111536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntus/intis"; depth:11; endswith; nocase; http.host; content:"upnyt.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248437/; classtype:trojan-activity;sid:83111537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etes/sdaoopoletrmlutve"; depth:23; endswith; nocase; http.host; content:"rtyaj.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248438/; classtype:trojan-activity;sid:83111538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vup/vlcsoulupatap"; depth:18; endswith; nocase; http.host; content:"prestigejindalcitybangalore.com"; depth:31; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248439/; classtype:trojan-activity;sid:83111539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/tlvloistuae"; depth:16; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248440/; classtype:trojan-activity;sid:83111540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/op/tnmae"; depth:9; endswith; nocase; http.host; content:"vivohealthcare.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248430/; classtype:trojan-activity;sid:83111530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"125.135.15.82"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248431/; classtype:trojan-activity;sid:83111531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ite/itioaloimdol"; depth:17; endswith; nocase; http.host; content:"iuvhb.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248432/; classtype:trojan-activity;sid:83111532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/micm/rerpsiieasposa"; depth:20; endswith; nocase; http.host; content:"eldpq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248425/; classtype:trojan-activity;sid:83111525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdi/iumlrboamnga"; depth:17; endswith; nocase; http.host; content:"eastbrentparishcouncil.org.uk"; depth:29; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248426/; classtype:trojan-activity;sid:83111526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/oqemereltoud"; depth:18; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248427/; classtype:trojan-activity;sid:83111527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae/rauetecmerotmeixnri"; depth:23; endswith; nocase; http.host; content:"lemhs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248428/; classtype:trojan-activity;sid:83111528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbut/oilsofilifci"; depth:18; endswith; nocase; http.host; content:"transportalo.com.pe"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248429/; classtype:trojan-activity;sid:83111529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xte/lmibsrutmuieqapoa"; depth:22; endswith; nocase; http.host; content:"onshin.co.uk"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248424/; classtype:trojan-activity;sid:83111524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eri/lrquoeuednoedm"; depth:19; endswith; nocase; http.host; content:"phiniteng.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248411/; classtype:trojan-activity;sid:83111511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne/aseiotsenpe"; depth:15; endswith; nocase; http.host; content:"efken.co.ke"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248412/; classtype:trojan-activity;sid:83111512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulr/ntilaiasmunmduu"; depth:20; endswith; nocase; http.host; content:"concreteratitan.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248413/; classtype:trojan-activity;sid:83111513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qei/iqasmtue"; depth:13; endswith; nocase; http.host; content:"merbleuedakar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248414/; classtype:trojan-activity;sid:83111514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhs/ncstuouqariiens"; depth:20; endswith; nocase; http.host; content:"turkmenulastirma.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248415/; classtype:trojan-activity;sid:83111515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/miussnoqtur"; depth:15; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248416/; classtype:trojan-activity;sid:83111516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iris/ipeievascidtnie"; depth:21; endswith; nocase; http.host; content:"dpjlg.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248417/; classtype:trojan-activity;sid:83111517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gi/asuucnbacmita"; depth:17; endswith; nocase; http.host; content:"diasfalizo.gr"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248418/; classtype:trojan-activity;sid:83111518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbut/litnimiuduansa"; depth:20; endswith; nocase; http.host; content:"transportalo.com.pe"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248419/; classtype:trojan-activity;sid:83111519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/reaeuntt"; depth:13; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248420/; classtype:trojan-activity;sid:83111520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/eolvdnretnmruioo"; depth:20; endswith; nocase; http.host; content:"gcpgp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248421/; classtype:trojan-activity;sid:83111521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdau/ltueafaitoimges"; depth:21; endswith; nocase; http.host; content:"zttgn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248422/; classtype:trojan-activity;sid:83111522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easa/dauissubdmuicmqu"; depth:22; endswith; nocase; http.host; content:"uyoey.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248423/; classtype:trojan-activity;sid:83111523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/llaiuanctd"; depth:16; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248401/; classtype:trojan-activity;sid:83111501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/iuthlni"; depth:11; endswith; nocase; http.host; content:"pvocl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248402/; classtype:trojan-activity;sid:83111502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/imoomodces"; depth:16; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248403/; classtype:trojan-activity;sid:83111503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/oddueomslr"; depth:14; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248404/; classtype:trojan-activity;sid:83111504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdau/esdipsa"; depth:13; endswith; nocase; http.host; content:"zttgn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248405/; classtype:trojan-activity;sid:83111505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iq/tsnieum"; depth:11; endswith; nocase; http.host; content:"revenue-house.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248406/; classtype:trojan-activity;sid:83111506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/io/oseerolod"; depth:13; endswith; nocase; http.host; content:"nkiic.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248407/; classtype:trojan-activity;sid:83111507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulr/siatpau"; depth:12; endswith; nocase; http.host; content:"concreteratitan.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248408/; classtype:trojan-activity;sid:83111508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ausu/angteebamama"; depth:18; endswith; nocase; http.host; content:"restorecoinwallets.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248409/; classtype:trojan-activity;sid:83111509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ihsc/emrptsuauneeqait"; depth:22; endswith; nocase; http.host; content:"softgates.ae"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248410/; classtype:trojan-activity;sid:83111510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vl/acpitildlnubias"; depth:19; endswith; nocase; http.host; content:"networkcerts.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248394/; classtype:trojan-activity;sid:83111494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/rucemlquosoed"; depth:17; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248395/; classtype:trojan-activity;sid:83111495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msoa/squioasmn"; depth:15; endswith; nocase; http.host; content:"lbufk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248396/; classtype:trojan-activity;sid:83111496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/ateeaab"; depth:13; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248397/; classtype:trojan-activity;sid:83111497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/abodmi"; depth:10; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248398/; classtype:trojan-activity;sid:83111498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/indietirscuermnseaeip"; depth:27; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248399/; classtype:trojan-activity;sid:83111499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/mnseodsi"; depth:12; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248400/; classtype:trojan-activity;sid:83111500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/do/rieaeotsdlvo"; depth:16; endswith; nocase; http.host; content:"sximalogou.gr"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248393/; classtype:trojan-activity;sid:83111493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.99.80.150"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248392/; classtype:trojan-activity;sid:83111492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"123.193.21.195"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248391/; classtype:trojan-activity;sid:83111491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"27.77.60.152"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248390/; classtype:trojan-activity;sid:83111490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/amapivietare"; depth:16; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248389/; classtype:trojan-activity;sid:83111489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/cotnuelleiscturm"; depth:20; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248388/; classtype:trojan-activity;sid:83111488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmso/eumdsueqc"; depth:15; endswith; nocase; http.host; content:"star24host.net"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248386/; classtype:trojan-activity;sid:83111486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/fficeisitso"; depth:15; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248387/; classtype:trojan-activity;sid:83111487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo/mautseoupvrlr"; depth:17; endswith; nocase; http.host; content:"grandaffairs.co.in"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248385/; classtype:trojan-activity;sid:83111485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/nseumquccoartu"; depth:18; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248384/; classtype:trojan-activity;sid:83111484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/aoattulsaprpurvi"; depth:20; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248383/; classtype:trojan-activity;sid:83111483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nll/estdtoi"; depth:12; endswith; nocase; http.host; content:"plumberpages.com.au"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248382/; classtype:trojan-activity;sid:83111482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/euqeaet"; depth:11; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248381/; classtype:trojan-activity;sid:83111481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uir/acurumdsiarptui"; depth:20; endswith; nocase; http.host; content:"lokbhashanews.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248379/; classtype:trojan-activity;sid:83111479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fl/nmeoa"; depth:9; endswith; nocase; http.host; content:"apachi.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248380/; classtype:trojan-activity;sid:83111480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/rlameptuseoldootv"; depth:22; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248377/; classtype:trojan-activity;sid:83111477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euit/aleodrdmo"; depth:15; endswith; nocase; http.host; content:"sexycallgirlsdelhi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248378/; classtype:trojan-activity;sid:83111478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/uidiqs"; depth:12; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248371/; classtype:trojan-activity;sid:83111471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/sovaetpnntluo"; depth:17; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248372/; classtype:trojan-activity;sid:83111472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/smnetdiiipom"; depth:16; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248373/; classtype:trojan-activity;sid:83111473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seo/nmtiiaum"; depth:13; endswith; nocase; http.host; content:"canadavapesstore.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248374/; classtype:trojan-activity;sid:83111474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vl/tosuesleas"; depth:14; endswith; nocase; http.host; content:"networkcerts.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248375/; classtype:trojan-activity;sid:83111475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fl/seocaatclaciai"; depth:18; endswith; nocase; http.host; content:"apachi.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248376/; classtype:trojan-activity;sid:83111476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/osoiueltdor"; depth:15; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248365/; classtype:trojan-activity;sid:83111465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidt/mqroldoeuuet"; depth:18; endswith; nocase; http.host; content:"kayabilgisayar.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248366/; classtype:trojan-activity;sid:83111466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/urratemu"; depth:12; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248367/; classtype:trojan-activity;sid:83111467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/prtoero"; depth:11; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248368/; classtype:trojan-activity;sid:83111468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/tiurapmensetu"; depth:18; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248369/; classtype:trojan-activity;sid:83111469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udir/usuotqtnnceuur"; depth:20; endswith; nocase; http.host; content:"bhbxa.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248370/; classtype:trojan-activity;sid:83111470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/mtuislaeoiser"; depth:19; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248359/; classtype:trojan-activity;sid:83111459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/aubquiduqmis"; depth:16; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248360/; classtype:trojan-activity;sid:83111460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/euaivtat"; depth:14; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248361/; classtype:trojan-activity;sid:83111461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/opaotuqrre"; depth:14; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248362/; classtype:trojan-activity;sid:83111462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncm/ieomnst"; depth:12; endswith; nocase; http.host; content:"shamgloballlc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248363/; classtype:trojan-activity;sid:83111463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/eudtexncneeirmoait"; depth:24; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248364/; classtype:trojan-activity;sid:83111464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/asedagmmn"; depth:14; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248349/; classtype:trojan-activity;sid:83111449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fl/raradesuunrceme"; depth:19; endswith; nocase; http.host; content:"apachi.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248350/; classtype:trojan-activity;sid:83111450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liuo/lttuauvieoqp"; depth:18; endswith; nocase; http.host; content:"top360digitalmediamail.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248351/; classtype:trojan-activity;sid:83111451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pss/utte"; depth:9; endswith; nocase; http.host; content:"urtku.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248352/; classtype:trojan-activity;sid:83111452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/tcbaiseuquiinmld"; depth:22; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248353/; classtype:trojan-activity;sid:83111453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/aimevaltneesoim"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248354/; classtype:trojan-activity;sid:83111454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/uesseinatsactumteib"; depth:23; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248355/; classtype:trojan-activity;sid:83111455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/eevnilsiiuaimqm"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248356/; classtype:trojan-activity;sid:83111456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/gatreompmaanm"; depth:17; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248357/; classtype:trojan-activity;sid:83111457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulr/qaupcliau"; depth:14; endswith; nocase; http.host; content:"concreteratitan.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248358/; classtype:trojan-activity;sid:83111458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsic/ttees"; depth:11; endswith; nocase; http.host; content:"oklahomasponsorahighway.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248340/; classtype:trojan-activity;sid:83111440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/mnssoniti"; depth:15; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248341/; classtype:trojan-activity;sid:83111441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le/neatcauoesqruuq"; depth:19; endswith; nocase; http.host; content:"lntemeraldisleveridian.com"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248342/; classtype:trojan-activity;sid:83111442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/imndcmusosiu"; depth:16; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248343/; classtype:trojan-activity;sid:83111443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/eiqcuerixtutape"; depth:19; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248344/; classtype:trojan-activity;sid:83111444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/bunmuauaraitodlml"; depth:23; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248345/; classtype:trojan-activity;sid:83111445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/rluieiqbo"; depth:13; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248346/; classtype:trojan-activity;sid:83111446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmc/odneqduu"; depth:13; endswith; nocase; http.host; content:"lymqe.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248347/; classtype:trojan-activity;sid:83111447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naot/mnauimci"; depth:14; endswith; nocase; http.host; content:"cpziu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248348/; classtype:trojan-activity;sid:83111448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmso/uccuimddumissu"; depth:20; endswith; nocase; http.host; content:"star24host.net"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248335/; classtype:trojan-activity;sid:83111435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/motquvtopauusl"; depth:18; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248336/; classtype:trojan-activity;sid:83111436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/oienmst"; depth:13; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248337/; classtype:trojan-activity;sid:83111437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae/uloaapdiiticss"; depth:18; endswith; nocase; http.host; content:"lemhs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248338/; classtype:trojan-activity;sid:83111438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/letpomuevatt"; depth:16; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248339/; classtype:trojan-activity;sid:83111439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/qeuataie"; depth:14; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248327/; classtype:trojan-activity;sid:83111427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/tcoeidltoprduaie"; depth:20; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248328/; classtype:trojan-activity;sid:83111428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/ounstnn"; depth:11; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248329/; classtype:trojan-activity;sid:83111429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/mmroenuer"; depth:15; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248330/; classtype:trojan-activity;sid:83111430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/lntlauua"; depth:12; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248331/; classtype:trojan-activity;sid:83111431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unec/itvnmeaotaplgmu"; depth:21; endswith; nocase; http.host; content:"pinkponyscottsdale.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248332/; classtype:trojan-activity;sid:83111432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/afeftioci"; depth:15; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248333/; classtype:trojan-activity;sid:83111433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/doodorilt"; depth:13; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248334/; classtype:trojan-activity;sid:83111434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/micm/rtiuqeniaoa"; depth:17; endswith; nocase; http.host; content:"eldpq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248321/; classtype:trojan-activity;sid:83111421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/eiemna"; depth:11; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248322/; classtype:trojan-activity;sid:83111422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsic/imaiisdclopodre"; depth:21; endswith; nocase; http.host; content:"oklahomasponsorahighway.com"; depth:27; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248323/; classtype:trojan-activity;sid:83111423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ip/eipoxsdlaoedert"; depth:19; endswith; nocase; http.host; content:"whizzo.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248324/; classtype:trojan-activity;sid:83111424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/epoasealrisrias"; depth:21; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248325/; classtype:trojan-activity;sid:83111425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/leotmisauet"; depth:16; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248326/; classtype:trojan-activity;sid:83111426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeta/ometnu"; depth:12; endswith; nocase; http.host; content:"cavle.hr"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248312/; classtype:trojan-activity;sid:83111412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/otilcrphuiirn"; depth:19; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248313/; classtype:trojan-activity;sid:83111413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/aiueisetceancdudrtpa"; depth:24; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248314/; classtype:trojan-activity;sid:83111414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/ausfqiug"; depth:12; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248315/; classtype:trojan-activity;sid:83111415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/cbsxlaiptoee"; depth:18; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248316/; classtype:trojan-activity;sid:83111416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ule/iuicdntnet"; depth:15; endswith; nocase; http.host; content:"pwpze.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248317/; classtype:trojan-activity;sid:83111417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/ouueneqq"; depth:12; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248318/; classtype:trojan-activity;sid:83111418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/biindtsunlasiteicn"; depth:23; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248319/; classtype:trojan-activity;sid:83111419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/tlulaimugfi"; depth:17; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248320/; classtype:trojan-activity;sid:83111420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/bviteiisdeat"; depth:16; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248304/; classtype:trojan-activity;sid:83111404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/nnormtuons"; depth:14; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248305/; classtype:trojan-activity;sid:83111405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/ernraetaepsuss"; depth:18; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248306/; classtype:trojan-activity;sid:83111406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/loaclceuhrimtta"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248307/; classtype:trojan-activity;sid:83111407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/tpmsvuaulloil"; depth:18; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248308/; classtype:trojan-activity;sid:83111408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eul/ttibosnmao"; depth:15; endswith; nocase; http.host; content:"fesuw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248309/; classtype:trojan-activity;sid:83111409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsdr/alipttoaeuvoetmnr"; depth:23; endswith; nocase; http.host; content:"mrhvh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248310/; classtype:trojan-activity;sid:83111410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/rcapsuesuentmitroubqo"; depth:26; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248311/; classtype:trojan-activity;sid:83111411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/ixuaqe"; depth:10; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248300/; classtype:trojan-activity;sid:83111400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vela/marrpiaeem"; depth:16; endswith; nocase; http.host; content:"uwtjm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248301/; classtype:trojan-activity;sid:83111401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/uqeseetnuirt"; depth:18; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248302/; classtype:trojan-activity;sid:83111402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/smsitpeiiomspud"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248303/; classtype:trojan-activity;sid:83111403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/reepnleaotml"; depth:17; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248295/; classtype:trojan-activity;sid:83111395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/ooriprd"; depth:13; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248296/; classtype:trojan-activity;sid:83111396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooit/deuvrelistnlplee"; depth:22; endswith; nocase; http.host; content:"goonlinetrainings.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248297/; classtype:trojan-activity;sid:83111397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/lsoiqdubriuao"; depth:17; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248298/; classtype:trojan-activity;sid:83111398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qisu/qutiua"; depth:12; endswith; nocase; http.host; content:"sol-fa.ir"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248299/; classtype:trojan-activity;sid:83111399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/ptesooerbumrintai"; depth:21; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248291/; classtype:trojan-activity;sid:83111391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/nlpeentirluiacdt"; depth:22; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248292/; classtype:trojan-activity;sid:83111392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/telomuavupitq"; depth:17; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248293/; classtype:trojan-activity;sid:83111393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diu/mamulienl"; depth:14; endswith; nocase; http.host; content:"augusta-ind.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248294/; classtype:trojan-activity;sid:83111394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/isenrdsietrepef"; depth:21; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248289/; classtype:trojan-activity;sid:83111389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/iuomremnrs"; depth:14; endswith; nocase; http.host; content:"goodhosting.com.au"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248290/; classtype:trojan-activity;sid:83111390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne/muotdotropevalul"; depth:20; endswith; nocase; http.host; content:"efken.co.ke"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248283/; classtype:trojan-activity;sid:83111383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/oirduolmn"; depth:13; endswith; nocase; http.host; content:"aicgames.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248284/; classtype:trojan-activity;sid:83111384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/nqncntronuosueu"; depth:19; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248285/; classtype:trojan-activity;sid:83111385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/aatetoivuqplmu"; depth:18; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248286/; classtype:trojan-activity;sid:83111386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/ostciuprrieapidcto"; depth:22; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248287/; classtype:trojan-activity;sid:83111387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diu/bsaldaoormriolo"; depth:20; endswith; nocase; http.host; content:"augusta-ind.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248288/; classtype:trojan-activity;sid:83111388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsdr/siiumlosaeqt"; depth:18; endswith; nocase; http.host; content:"mrhvh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248268/; classtype:trojan-activity;sid:83111368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/oremqoeeuurdlrm"; depth:21; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248269/; classtype:trojan-activity;sid:83111369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiq/uueamqet"; depth:13; endswith; nocase; http.host; content:"bnrhr.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248270/; classtype:trojan-activity;sid:83111370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnl/uampirate"; depth:14; endswith; nocase; http.host; content:"meghadarji.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248271/; classtype:trojan-activity;sid:83111371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/estarntequu"; depth:15; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248272/; classtype:trojan-activity;sid:83111372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pis/ruqsretuunedncetosa"; depth:24; endswith; nocase; http.host; content:"tzuoh.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248273/; classtype:trojan-activity;sid:83111373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/namdimise"; depth:15; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248274/; classtype:trojan-activity;sid:83111374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/fisiiiufqoc"; depth:15; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248275/; classtype:trojan-activity;sid:83111375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fl/paixes"; depth:10; endswith; nocase; http.host; content:"apachi.in"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248276/; classtype:trojan-activity;sid:83111376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fauu/rloexdo"; depth:13; endswith; nocase; http.host; content:"rvhire.aus.as"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248277/; classtype:trojan-activity;sid:83111377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/equaoacceaitc"; depth:17; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248278/; classtype:trojan-activity;sid:83111378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidt/qunami"; depth:12; endswith; nocase; http.host; content:"kayabilgisayar.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248279/; classtype:trojan-activity;sid:83111379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/ismiqupa"; depth:12; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248280/; classtype:trojan-activity;sid:83111380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li/etureoualvmmtpr"; depth:19; endswith; nocase; http.host; content:"dogrukalipplastik.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248281/; classtype:trojan-activity;sid:83111381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/aeqtuivpmuettola"; depth:20; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248282/; classtype:trojan-activity;sid:83111382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/nissmaoormei"; depth:16; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248259/; classtype:trojan-activity;sid:83111359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/imauvncme"; depth:13; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248260/; classtype:trojan-activity;sid:83111360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/liremeoairsbo"; depth:17; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248261/; classtype:trojan-activity;sid:83111361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/ufmtotlevptuagi"; depth:19; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248262/; classtype:trojan-activity;sid:83111362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/patiirpdnutesutcmeeai"; depth:25; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248263/; classtype:trojan-activity;sid:83111363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/iiiusisodqnmgs"; depth:20; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248264/; classtype:trojan-activity;sid:83111364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oui/ecntiirseide"; depth:17; endswith; nocase; http.host; content:"rrkhf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248265/; classtype:trojan-activity;sid:83111365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/rlatopsevlsoduo"; depth:19; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248266/; classtype:trojan-activity;sid:83111366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/rttluuuoapmeiv"; depth:18; endswith; nocase; http.host; content:"eyirs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248267/; classtype:trojan-activity;sid:83111367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/tifooicfsauils"; depth:19; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248255/; classtype:trojan-activity;sid:83111355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mutc/psurmbaotibe"; depth:18; endswith; nocase; http.host; content:"deaqc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248256/; classtype:trojan-activity;sid:83111356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/aairummsep"; depth:16; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248257/; classtype:trojan-activity;sid:83111357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfc/ersopoetubism"; depth:19; endswith; nocase; http.host; content:"szurkekabat.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248258/; classtype:trojan-activity;sid:83111358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ne/roreert"; depth:11; endswith; nocase; http.host; content:"efken.co.ke"; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248247/; classtype:trojan-activity;sid:83111347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/tmuaanme"; depth:12; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248248/; classtype:trojan-activity;sid:83111348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ansestdiaaeuommsel"; depth:22; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248249/; classtype:trojan-activity;sid:83111349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/utntsua"; depth:11; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248250/; classtype:trojan-activity;sid:83111350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/ausiqcudenrase"; depth:18; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248251/; classtype:trojan-activity;sid:83111351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/saasumculndpea"; depth:20; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248252/; classtype:trojan-activity;sid:83111352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tede/bnlldetisiviait"; depth:21; endswith; nocase; http.host; content:"heartsathome.org"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248253/; classtype:trojan-activity;sid:83111353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uosr/ietsum"; depth:12; endswith; nocase; http.host; content:"afaghehekmat.ir"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248254/; classtype:trojan-activity;sid:83111354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/meeipesrmxinaautm"; depth:21; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248242/; classtype:trojan-activity;sid:83111342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/onnuatruqescno"; depth:19; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248243/; classtype:trojan-activity;sid:83111343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidt/mucet"; depth:11; endswith; nocase; http.host; content:"kayabilgisayar.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248244/; classtype:trojan-activity;sid:83111344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/eaman"; depth:9; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248245/; classtype:trojan-activity;sid:83111345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/atuqou"; depth:10; endswith; nocase; http.host; content:"bibvc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248246/; classtype:trojan-activity;sid:83111346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/abuaaeett"; depth:13; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248235/; classtype:trojan-activity;sid:83111335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euit/aaumiuidmqcpnsi"; depth:21; endswith; nocase; http.host; content:"sexycallgirlsdelhi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248236/; classtype:trojan-activity;sid:83111336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/rretvuielm"; depth:14; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248237/; classtype:trojan-activity;sid:83111337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/missctuiud"; depth:14; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248238/; classtype:trojan-activity;sid:83111338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oq/rlatuooslod"; depth:15; endswith; nocase; http.host; content:"veom.org"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248239/; classtype:trojan-activity;sid:83111339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/miuneqaevae"; depth:15; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248240/; classtype:trojan-activity;sid:83111340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/tactueusoamauvlspc"; depth:24; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248241/; classtype:trojan-activity;sid:83111341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/eoetrbarrea"; depth:15; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248229/; classtype:trojan-activity;sid:83111329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oui/pcreiesutosncat"; depth:20; endswith; nocase; http.host; content:"rrkhf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248230/; classtype:trojan-activity;sid:83111330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sf/eistnmiiedlap"; depth:17; endswith; nocase; http.host; content:"xyahp.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248231/; classtype:trojan-activity;sid:83111331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/su/emutua"; depth:10; endswith; nocase; http.host; content:"ejpgq.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248232/; classtype:trojan-activity;sid:83111332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/etetpnesearu"; depth:18; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248233/; classtype:trojan-activity;sid:83111333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/taamanugm"; depth:13; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248234/; classtype:trojan-activity;sid:83111334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oui/tisipnaiicds"; depth:17; endswith; nocase; http.host; content:"rrkhf.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248221/; classtype:trojan-activity;sid:83111321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pss/fegosua"; depth:12; endswith; nocase; http.host; content:"urtku.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248222/; classtype:trojan-activity;sid:83111322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/trnnoimieeidscxeceeatiir"; depth:30; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248223/; classtype:trojan-activity;sid:83111323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qiu/iaffociut"; depth:14; endswith; nocase; http.host; content:"sunraysaunas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248224/; classtype:trojan-activity;sid:83111324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidt/ntiaeuetsp"; depth:16; endswith; nocase; http.host; content:"kayabilgisayar.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248225/; classtype:trojan-activity;sid:83111325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/msuseimoups"; depth:15; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248226/; classtype:trojan-activity;sid:83111326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uir/reaitumeruq"; depth:16; endswith; nocase; http.host; content:"lokbhashanews.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248227/; classtype:trojan-activity;sid:83111327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/numeeprteeortt"; depth:18; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248228/; classtype:trojan-activity;sid:83111328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/caciedxepuitrt"; depth:18; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248210/; classtype:trojan-activity;sid:83111310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/tutiusoiivpbdoasilcttn"; depth:26; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248211/; classtype:trojan-activity;sid:83111311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ai/iduaeaeutaprnd"; depth:18; endswith; nocase; http.host; content:"klynworkhungary.hu"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248212/; classtype:trojan-activity;sid:83111312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unec/meaquts"; depth:13; endswith; nocase; http.host; content:"pinkponyscottsdale.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248213/; classtype:trojan-activity;sid:83111313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sel/iaeslsiematop"; depth:18; endswith; nocase; http.host; content:"castilloyasociados.mx"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248214/; classtype:trojan-activity;sid:83111314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh/uqnoltrdoesceunoru"; depth:22; endswith; nocase; http.host; content:"invitoproperty.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248215/; classtype:trojan-activity;sid:83111315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veut/llhiuinlma"; depth:16; endswith; nocase; http.host; content:"sarapiquicostarica.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248216/; classtype:trojan-activity;sid:83111316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/limiiuesiqnsi"; depth:17; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248217/; classtype:trojan-activity;sid:83111317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsme/obstecrrfieepmua"; depth:22; endswith; nocase; http.host; content:"cpssm.pt"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248218/; classtype:trojan-activity;sid:83111318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/isqeaue"; depth:11; endswith; nocase; http.host; content:"aicgames.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248219/; classtype:trojan-activity;sid:83111319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/tlleamaiio"; depth:14; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248220/; classtype:trojan-activity;sid:83111320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/si/isgmaociffiin"; depth:17; endswith; nocase; http.host; content:"dishahearing.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248204/; classtype:trojan-activity;sid:83111304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/uftiusgoq"; depth:14; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248205/; classtype:trojan-activity;sid:83111305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/otirdicuoennlsd"; depth:19; endswith; nocase; http.host; content:"goodhosting.com.au"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248206/; classtype:trojan-activity;sid:83111306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vela/uieptsm"; depth:13; endswith; nocase; http.host; content:"uwtjm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248207/; classtype:trojan-activity;sid:83111307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/tusauaq"; depth:13; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248208/; classtype:trojan-activity;sid:83111308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/seiuirpa"; depth:12; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248209/; classtype:trojan-activity;sid:83111309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uprm/olploumvertutoad"; depth:22; endswith; nocase; http.host; content:"gvxai.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248197/; classtype:trojan-activity;sid:83111297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/ruuspnrtqeraateaa"; depth:21; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248198/; classtype:trojan-activity;sid:83111298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/rsiouqtpumbei"; depth:19; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248199/; classtype:trojan-activity;sid:83111299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/emmmoxssaalitie"; depth:19; endswith; nocase; http.host; content:"pvocl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248200/; classtype:trojan-activity;sid:83111300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass/etmiimnas"; depth:15; endswith; nocase; http.host; content:"stashstate.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248201/; classtype:trojan-activity;sid:83111301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/asiodbteotsscneuii"; depth:24; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248202/; classtype:trojan-activity;sid:83111302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/euaqits"; depth:13; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248203/; classtype:trojan-activity;sid:83111303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eul/enosatuatpmr"; depth:17; endswith; nocase; http.host; content:"fesuw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248188/; classtype:trojan-activity;sid:83111288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidt/dlosfiaoiclr"; depth:18; endswith; nocase; http.host; content:"kayabilgisayar.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248189/; classtype:trojan-activity;sid:83111289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooit/rmlasmnoobaiois"; depth:21; endswith; nocase; http.host; content:"goonlinetrainings.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248190/; classtype:trojan-activity;sid:83111290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/aduqtou"; depth:12; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248191/; classtype:trojan-activity;sid:83111291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qei/vpamtlaemntuiois"; depth:21; endswith; nocase; http.host; content:"merbleuedakar.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248192/; classtype:trojan-activity;sid:83111292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/tianlnlus"; depth:15; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248193/; classtype:trojan-activity;sid:83111293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iac/suaasdiidlnoeemrapte"; depth:25; endswith; nocase; http.host; content:"xfamn.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248194/; classtype:trojan-activity;sid:83111294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euit/etaslretepl"; depth:17; endswith; nocase; http.host; content:"sexycallgirlsdelhi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248195/; classtype:trojan-activity;sid:83111295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec/axobceotmltpia"; depth:18; endswith; nocase; http.host; content:"pwgzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248196/; classtype:trojan-activity;sid:83111296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/aiuquqi"; depth:13; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248181/; classtype:trojan-activity;sid:83111281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neig/oierevts"; depth:14; endswith; nocase; http.host; content:"krmda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248182/; classtype:trojan-activity;sid:83111282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gi/asleauirnett"; depth:16; endswith; nocase; http.host; content:"diasfalizo.gr"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248183/; classtype:trojan-activity;sid:83111283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/meqdeiqauu"; depth:14; endswith; nocase; http.host; content:"soletstalkdigital.co"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248184/; classtype:trojan-activity;sid:83111284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/edtuosis"; depth:12; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248185/; classtype:trojan-activity;sid:83111285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/osettaom"; depth:13; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248186/; classtype:trojan-activity;sid:83111286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/abtluvoisteptu"; depth:20; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248187/; classtype:trojan-activity;sid:83111287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooit/tveomaeltupt"; depth:18; endswith; nocase; http.host; content:"goonlinetrainings.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248174/; classtype:trojan-activity;sid:83111274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/toenns"; depth:11; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248175/; classtype:trojan-activity;sid:83111275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/svneodsiilgmsi"; depth:18; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248176/; classtype:trojan-activity;sid:83111276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/udeorlvlom"; depth:14; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248177/; classtype:trojan-activity;sid:83111277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toev/ifuirtpofasiairc"; depth:22; endswith; nocase; http.host; content:"uaxrx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248178/; classtype:trojan-activity;sid:83111278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb/uttaiaptecuid"; depth:17; endswith; nocase; http.host; content:"anilcomputersudaipur.com"; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248179/; classtype:trojan-activity;sid:83111279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/ospluebtoatisvn"; depth:19; endswith; nocase; http.host; content:"goodhosting.com.au"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248180/; classtype:trojan-activity;sid:83111280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/iuauamlqiq"; depth:16; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248165/; classtype:trojan-activity;sid:83111265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exa/neumsont"; depth:13; endswith; nocase; http.host; content:"hcuay.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248166/; classtype:trojan-activity;sid:83111266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li/ecapbldsxeoi"; depth:16; endswith; nocase; http.host; content:"dogrukalipplastik.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248167/; classtype:trojan-activity;sid:83111267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedm/emlcodmtvioi"; depth:18; endswith; nocase; http.host; content:"begumpuratimes.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248168/; classtype:trojan-activity;sid:83111268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ul/titens"; depth:10; endswith; nocase; http.host; content:"mercyhealthfamily.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248169/; classtype:trojan-activity;sid:83111269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/seeamtd"; depth:13; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248170/; classtype:trojan-activity;sid:83111270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ou/ueteptanis"; depth:14; endswith; nocase; http.host; content:"xhoez.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248171/; classtype:trojan-activity;sid:83111271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec/saeeoilemta"; depth:15; endswith; nocase; http.host; content:"pwgzi.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248172/; classtype:trojan-activity;sid:83111272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ini/eroreosr"; depth:13; endswith; nocase; http.host; content:"rayzonlimited.co.ke"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248173/; classtype:trojan-activity;sid:83111273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtuu/maqliauat"; depth:15; endswith; nocase; http.host; content:"afrozaway.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248164/; classtype:trojan-activity;sid:83111264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av/stpuamiu"; depth:12; endswith; nocase; http.host; content:"gmjyy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248155/; classtype:trojan-activity;sid:83111255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/nbmeaeetai"; depth:14; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248156/; classtype:trojan-activity;sid:83111256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/ebaneanot"; depth:13; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248157/; classtype:trojan-activity;sid:83111257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uam/mniisipaam"; depth:15; endswith; nocase; http.host; content:"frmxm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248158/; classtype:trojan-activity;sid:83111258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diu/osqsteu"; depth:12; endswith; nocase; http.host; content:"augusta-ind.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248159/; classtype:trojan-activity;sid:83111259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toer/adni"; depth:10; endswith; nocase; http.host; content:"passiontiles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248160/; classtype:trojan-activity;sid:83111260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suq/leerdapaeucntipada"; depth:23; endswith; nocase; http.host; content:"jrzxy.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248161/; classtype:trojan-activity;sid:83111261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/tmelvptiuipasoidca"; depth:22; endswith; nocase; http.host; content:"veominfotech.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248162/; classtype:trojan-activity;sid:83111262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vl/tisopqiou"; depth:13; endswith; nocase; http.host; content:"networkcerts.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248163/; classtype:trojan-activity;sid:83111263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us/susniaquacumitca"; depth:20; endswith; nocase; http.host; content:"bmrl.in"; depth:7; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248144/; classtype:trojan-activity;sid:83111244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/am/qreatteua"; depth:13; endswith; nocase; http.host; content:"bibvc.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248145/; classtype:trojan-activity;sid:83111245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/eprniedomttva"; depth:17; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248146/; classtype:trojan-activity;sid:83111246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eri/elsmeolerspinudn"; depth:21; endswith; nocase; http.host; content:"phiniteng.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248147/; classtype:trojan-activity;sid:83111247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/ndocitiistonn"; depth:17; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248148/; classtype:trojan-activity;sid:83111248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/strpooicer"; depth:14; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248149/; classtype:trojan-activity;sid:83111249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui/iqqauui"; depth:11; endswith; nocase; http.host; content:"workpointprojects.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248150/; classtype:trojan-activity;sid:83111250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/emioirosnsma"; depth:18; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248151/; classtype:trojan-activity;sid:83111251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/sglciaimanfi"; depth:16; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248152/; classtype:trojan-activity;sid:83111252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqiu/isnsureiccuidmdei"; depth:23; endswith; nocase; http.host; content:"rtofv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248153/; classtype:trojan-activity;sid:83111253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/asismneputeerd"; depth:20; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248154/; classtype:trojan-activity;sid:83111254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cida/ltpaceaqsui"; depth:17; endswith; nocase; http.host; content:"defineoverseas.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248139/; classtype:trojan-activity;sid:83111239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/nqataorsnuusecut"; depth:20; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248140/; classtype:trojan-activity;sid:83111240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/etta"; depth:8; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248141/; classtype:trojan-activity;sid:83111241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iris/rtuiurptaaa"; depth:17; endswith; nocase; http.host; content:"dpjlg.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248142/; classtype:trojan-activity;sid:83111242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trte/tacraufee"; depth:15; endswith; nocase; http.host; content:"motorclips.com.au"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248143/; classtype:trojan-activity;sid:83111243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/eaeaumsntds"; depth:15; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248135/; classtype:trojan-activity;sid:83111235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulu/eiuouptavmatvlt"; depth:20; endswith; nocase; http.host; content:"cucnet.hu"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248136/; classtype:trojan-activity;sid:83111236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eet/eesta"; depth:10; endswith; nocase; http.host; content:"kafarooqui.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248137/; classtype:trojan-activity;sid:83111237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/smdqoeluior"; depth:15; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248138/; classtype:trojan-activity;sid:83111238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/odorsoesel"; depth:16; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248131/; classtype:trojan-activity;sid:83111231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smoi/oebcxixleap"; depth:17; endswith; nocase; http.host; content:"hrgoelgroup.org"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248132/; classtype:trojan-activity;sid:83111232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/uqateiueeaq"; depth:16; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248133/; classtype:trojan-activity;sid:83111233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ei/atieaoemltsebae"; depth:19; endswith; nocase; http.host; content:"aicgames.com"; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248134/; classtype:trojan-activity;sid:83111234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/iutoiqd"; depth:11; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248124/; classtype:trojan-activity;sid:83111224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ts/aqeutamtto"; depth:14; endswith; nocase; http.host; content:"goodhosting.com.au"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248125/; classtype:trojan-activity;sid:83111225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sr/iosmiuitdsiafsggn"; depth:21; endswith; nocase; http.host; content:"biotrikorganization.in"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248126/; classtype:trojan-activity;sid:83111226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/ieiiomsmanmra"; depth:19; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248127/; classtype:trojan-activity;sid:83111227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/ttuua"; depth:9; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248128/; classtype:trojan-activity;sid:83111228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooit/unmeime"; depth:13; endswith; nocase; http.host; content:"goonlinetrainings.com"; depth:21; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248129/; classtype:trojan-activity;sid:83111229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/os/ideticsrisaapp"; depth:18; endswith; nocase; http.host; content:"xpacu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248130/; classtype:trojan-activity;sid:83111230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/ottlamsieee"; depth:17; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248114/; classtype:trojan-activity;sid:83111214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/osdeinuodrtlsrueb"; depth:21; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248115/; classtype:trojan-activity;sid:83111215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rg/ionqnu"; depth:10; endswith; nocase; http.host; content:"voqga.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248116/; classtype:trojan-activity;sid:83111216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toer/ttaatuom"; depth:14; endswith; nocase; http.host; content:"passiontiles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248117/; classtype:trojan-activity;sid:83111217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ere/bpeapotluvoisaclx"; depth:22; endswith; nocase; http.host; content:"waytoslams.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248118/; classtype:trojan-activity;sid:83111218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/riiiiielscdmeenusiq"; depth:23; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248119/; classtype:trojan-activity;sid:83111219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uise/iusamqcausuc"; depth:18; endswith; nocase; http.host; content:"hchxs.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248120/; classtype:trojan-activity;sid:83111220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/la/rpaobuvellostsuitod"; depth:23; endswith; nocase; http.host; content:"ofnwu.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248121/; classtype:trojan-activity;sid:83111221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uuir/tuiscbeiiasepiaistscnd"; depth:28; endswith; nocase; http.host; content:"sdpiv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248122/; classtype:trojan-activity;sid:83111222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euit/iaeuruetgpixctf"; depth:21; endswith; nocase; http.host; content:"sexycallgirlsdelhi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248123/; classtype:trojan-activity;sid:83111223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qer/easnstbiusiceuntst"; depth:23; endswith; nocase; http.host; content:"advanzogroup.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248112/; classtype:trojan-activity;sid:83111212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qer/medui"; depth:10; endswith; nocase; http.host; content:"advanzogroup.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248113/; classtype:trojan-activity;sid:83111213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/dtauicspii"; depth:14; endswith; nocase; http.host; content:"ybeyz.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248105/; classtype:trojan-activity;sid:83111205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitm/quiuta"; depth:12; endswith; nocase; http.host; content:"tbfvw.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248106/; classtype:trojan-activity;sid:83111206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uh/stueimp"; depth:11; endswith; nocase; http.host; content:"invitoproperty.com"; depth:18; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248107/; classtype:trojan-activity;sid:83111207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpos/uiqrroaesseisep"; depth:21; endswith; nocase; http.host; content:"chirurgiendentistevesinet.fr"; depth:28; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248108/; classtype:trojan-activity;sid:83111208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie/amrtttiloailochiec"; depth:22; endswith; nocase; http.host; content:"kmxqd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248109/; classtype:trojan-activity;sid:83111209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qiu/umusaatqqiu"; depth:16; endswith; nocase; http.host; content:"sunraysaunas.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248110/; classtype:trojan-activity;sid:83111210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ule/ouaoltdr"; depth:13; endswith; nocase; http.host; content:"pwpze.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248111/; classtype:trojan-activity;sid:83111211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/olouidorsbptoi"; depth:19; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248104/; classtype:trojan-activity;sid:83111204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unec/pmaecsfirea"; depth:17; endswith; nocase; http.host; content:"pinkponyscottsdale.com"; depth:22; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248099/; classtype:trojan-activity;sid:83111199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulr/lumtlea"; depth:12; endswith; nocase; http.host; content:"concreteratitan.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248100/; classtype:trojan-activity;sid:83111200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qu/dtuesmcnlraouteevaap"; depth:24; endswith; nocase; http.host; content:"fucfx.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248101/; classtype:trojan-activity;sid:83111201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ro/upmais"; depth:10; endswith; nocase; http.host; content:"drkukreja.com"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248102/; classtype:trojan-activity;sid:83111202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/roouidqdmle"; depth:15; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248103/; classtype:trojan-activity;sid:83111203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/ooruvoaslmultpd"; depth:19; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248090/; classtype:trojan-activity;sid:83111190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/od/daostuulpelscvte"; depth:20; endswith; nocase; http.host; content:"zkevd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248091/; classtype:trojan-activity;sid:83111191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vela/piivaluesrctta"; depth:20; endswith; nocase; http.host; content:"uwtjm.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248092/; classtype:trojan-activity;sid:83111192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ue/cnmcecaoesiasudaat"; depth:22; endswith; nocase; http.host; content:"pen-drives.in"; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248093/; classtype:trojan-activity;sid:83111193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpa/lrruoednetdso"; depth:18; endswith; nocase; http.host; content:"tfikv.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248094/; classtype:trojan-activity;sid:83111194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aeta/veguofar"; depth:14; endswith; nocase; http.host; content:"cavle.hr"; depth:8; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248095/; classtype:trojan-activity;sid:83111195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tues/msitbnoeua"; depth:16; endswith; nocase; http.host; content:"ptbwl.com"; depth:9; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248096/; classtype:trojan-activity;sid:83111196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tt/netibavee"; depth:13; endswith; nocase; http.host; content:"new-indonesia.org"; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248097/; classtype:trojan-activity;sid:83111197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfnd/teut"; depth:10; endswith; nocase; http.host; content:"yashviindustries.com"; depth:20; isdataat:!1,relative; metadata:created_at 2022_06_23; reference:url, urlhaus.abuse.ch/url/2248098/; classtype:trojan-activity;sid:83111198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET an